Ghostcommit Attack Conceals Malicious AI Instructions in Images to Steal Sensitive Data
Leave a Comment / Cybersecurity, Data Protection, Enterprise Technology, Industry News / By cxojunction
Cybersecurity researchers have uncovered Ghostcommit, a new supply chain attack technique that hides malicious instructions inside PNG image files to manipulate AI-powered coding assistants. The method is designed to trick AI tools into accessing and exposing sensitive information such as API keys, database credentials, and cloud secrets.

Instead of placing malicious prompts directly in code, the attack splits its payload into two parts. An AGENTS.md file contains a seemingly harmless instruction directing the AI assistant to reference an image, while the actual prompt-injection commands remain concealed inside a PNG file. This approach allows the attack to evade security checks that primarily inspect text-based content.
Once a malicious pull request is merged, the attack activates when a developer later uses an AI coding assistant. The hidden instructions can prompt the AI to read confidential .env files, convert their contents into ASCII integer values, and embed the encoded data into source code. Because many AI code review tools overlook image content and secret scanners focus on readable credentials, the attack can bypass multiple layers of security without triggering alerts.
Researchers found that the success of Ghostcommit depends more on the AI coding framework than the language model itself. While some environments leaked sensitive data when using models such as GPT-5.5, Claude, and Gemini, Claude Code consistently refused to execute the hidden instructions. To counter the threat, the team developed a multimodal GitHub security review system that analyzes both code and embedded images, successfully detecting all malicious pull requests during testing without false positives.
The findings highlight the growing risks associated with AI-driven software development and the need for stronger supply chain security. Organizations can strengthen their defenses by enforcing clear AI usage policies, reviewing AI-generated code more rigorously, monitoring repository changes, limiting AI access to sensitive files, and adopting security tools capable of inspecting both text and image-based content.
CXO Junction remains dedicated to providing you with exclusive insights into transformative leadership journeys. Stay tuned for more updates as we continue to bring industry news to you.
Source: Ghostcommit attack hides malicious AI instructions inside images to steal sensitive data | The Mainstream | https://themainstream.co.in/ghostcommit-attack-hides-malicious-ai-inst/
