Ghostcommit: Hiding Prompt Injection Inside PNG Images to Trick AI Agents Into Stealing a Repository's Secrets
Overview
On July 11, 2026, Ghostcommit — an attack technique published as a Proof-of-Concept by the ASSET Research Group (University of Missouri-Kansas City), led by Associate Professor Sudipta Chatto
blog.fiscybersec.com14 min read