May 23, 2025 // Vulnerability | #Indirect Prompt Injection #GitLab Duo #Source Code Exfiltration

GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts - The Hacker News

A critical indirect prompt injection vulnerability was discovered in GitLab Duo Chat, an AI-powered coding assistant, allowing attackers to embed hidden instructions within project content. This flaw enabled the exfiltration of private source code and confidential zero-day vulnerabilities, as well as the injection of malicious HTML/JavaScript into AI-generated responses.

