← Glossary Term
GitLost
A 2026 attack that hijacked AI coding agents through poisoned repositories.
GitLost is the name given to a prompt-injection attack discovered in 2026: attackers hid malicious instructions in code repositories so that AI coding agents reading them would follow the attacker’s orders, for example leaking secrets.
GitLost is the clearest warning yet that AI agents need the same security thinking as human employees: whatever they read can try to manipulate them.
Mentioned in