🖼 Ghostcommit Attack: Malicious Instructions in Images Deceive AI Agents
Researchers from the ASSET Research Group have introduced the Ghostcommit attack, which utilizes prompt injections inside PNG images. Attackers embed instructions into images read by AI agents (such as Cursor), allowing them to steal secrets from .env files.
🌍 The attack reveals a blind spot in development: multimodal models process visual content, bypassing standard code checks. Security now depends not only on the LLM but also on the tools (IDEs, agents) that have access to the system.
👤 Be cautious with external Pull Requests containing new images or AGENTS.md files. Monitor the file system access permissions of your AI assistants.
