Security researchers have exposed a clever new way to weaponize AI coding assistants, and it hides in plain sight. The attack, named Ghostcommit, buries malicious instructions inside a PNG image so that AI code reviewers never catch them. As a result, a poisoned pull request can look completely harmless during review, then quietly steal secrets […]
The post