The Hacker News AI Security ยท July 7, 2026

Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data

Why it matters

A public issue can trick GitHub Agentic Workflows into leaking the contents of an organization's private repositories, researchers at Noma Security have shown. The attacker needs only to open a normal-looking issue on a public repository, with no stolen credentials and no access to the organization. If that organizatio

My takeaway: Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data is an agent-security signal. The practical read is that autonomy, memory, tool permissions, and third-party integrations are the control surface that needs threat modeling and monitoring.