Ghostcommit Supply-Chain Attack Uses AI Prompt Injection to Steal Secrets

The software development lifecycle (SDLC) is undergoing a massive paradigm shift, driven by the rapid integration of artificial intelligence (AI) into daily engineering workflows. As organizations race to employ autonomous AI agents and automated code-review bots to optimize their continuous integration and continuous deployment (CI/CD) pipelines, they are inadvertently exposing entirely new, complex attack surfaces. Security researchers have long warned that trusting AI-driven systems without robust validation mechanisms would eventually invite disaster. That prediction became a reality with the disclosure of Ghostcommit, a groundbreaking supply-chain attack discovered by the ASSET Research Group at the University of Missouri-Kansas City (UMKC). Led by associate professor Sudipta Chattopadhyay and researcher Murali Ediga, the team demonstrated how threat actors can exploit the visual blind spots of automated code reviewers to manipulate AI coding assistants into exfiltrating high-value repository secrets.
Traditionally, software supply chain security focused on malicious dependency injection, compromised third-party libraries, or hijacked developer credentials. However, the emergence of LLM-native development ecosystems has created a new operational model where AI tools actively read, modify, and commit code. Ghostcommit highlights a structural vulnerability in how these tools interact. While text-based security filters and static application security testing (SAST) engines are designed to scan code diffs for obvious signs of compromise
Written by
TempMail Ninja
Digital privacy and online security expert. Passionate about creating tools that protect users' identity on the internet.


