Inside Ghostcommit: How Malicious PNGs Bypass AI Code Reviewers
Inside Ghostcommit: How Malicious PNGs Bypass AI Code Reviewers

Inside Ghostcommit: How Malicious PNGs Bypass AI Code Reviewers

Key takeaways in 90 seconds:

Multimodal Vulnerability: Ghostcommit is a novel supply chain exploit targeting AI coding tools with vision capabilities.

The Payload Split: The attack uses a two-file payload. A text-based rule file (like AGENTS.md) instructs the AI to read a PNG asset (such as build-spec.png) containing rendered text instructions.

Bypassing Reviewers: Automated code review tools (like CodeRabbit) fail to scan the pixels of binary image assets, allowing the malicious pull request to pass security checks.

Data Exfiltration: Once merged, the developer's local AI agent reads the image, processes the visual prompt, extracts sensitive .env keys, and encodes them as harmless arrays to leak them.

Pipeline Hardening: Mitigate this risk by disabling vision capabilities in automated pipeline agents, sandboxing execution environments, and enforcing strict input boundaries.

submitted by /u/gastao_s_s
[link] [comments]