Aikido Security has identified a critical vulnerability class, named PromptPwnd, affecting GitHub and GitLab CI/CD pipelines that integrate AI agents such as Gemini CLI and OpenAI Codex. At least five Fortune 500 companies are affected, indicating that the pattern is widespread. The vulnerability arises when untrusted user input is interpolated into an AI agent's prompt, so that the agent can be steered into executing privileged tools, potentially leaking secrets and manipulating workflows.
Aikido has open-sourced Opengrep rules for detecting the pattern and reported the issue to Google, which patched the Gemini CLI within four days. Recommended remediation includes restricting the capabilities of the tools an AI agent may call, validating user inputs, and treating AI output as untrusted code. The research underscores the risks of using AI agents in CI/CD, making it imperative for organizations to audit their workflows to mitigate potential attacks. Aikido offers solutions to detect and prevent these vulnerabilities, supporting safer integration of AI technologies in development processes.
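As an added illustration of the detection idea (this is not Aikido's Opengrep rule set nor code from the article), the following Python check scans GitHub Actions workflow text for steps in which contributor-controlled event text reaches a Gemini CLI or Codex invocation; the regexes are a heuristic, the action name `run-gemini-cli` is an assumption, and the sample workflow is constructed.

```python
import re

# GitHub event fields an outside contributor controls: issue/PR/comment titles and bodies.
UNTRUSTED = re.compile(
    r"\$\{\{\s*github\.event\.(?:issue|pull_request|comment|discussion|review)"
    r"(?:\.[A-Za-z_]+)*\.(?:title|body)\s*\}\}"
)
# A step that hands a prompt to an AI agent. The CLI names come from the article;
# the action name 'run-gemini-cli' is an assumption for illustration.
AI_STEP = re.compile(r"\b(gemini|codex|run-gemini-cli)\b", re.IGNORECASE)

def split_steps(workflow: str) -> list[str]:
    """Cut workflow text into step blocks at each '- name:' line (a heuristic, not a YAML parser)."""
    steps, current = [], []
    for line in workflow.splitlines():
        if re.match(r"\s*-\s*name:", line) and current:
            steps.append("\n".join(current))
            current = []
        current.append(line)
    steps.append("\n".join(current))
    return [s for s in steps if re.search(r"-\s*name:", s)]

def scan_workflow(workflow: str) -> list[tuple[str, str, str]]:
    """Return (step name, expression, severity) for untrusted event text reaching an AI-agent step.
    high: interpolated into run:/prompt: (template + shell injection); medium: passed via env:, so
    no template injection, but the agent still reads attacker-authored text and needs tool limits."""
    findings = []
    for step in split_steps(workflow):
        if not AI_STEP.search(step):
            continue  # no AI agent here: ordinary script-injection rules apply instead
        name = re.search(r"-\s*name:\s*(.+)", step).group(1).strip()
        for line in step.splitlines():
            for m in UNTRUSTED.finditer(line):
                via_env = re.match(r"\s*[A-Z][A-Z0-9_]*:\s*\$\{\{", line) is not None
                findings.append((name, m.group(0), "medium" if via_env else "high"))
    return findings

# Constructed sample workflow: a direct interpolation, an env passthrough, and a non-AI step.
SAMPLE = """\
jobs:
  triage:
    steps:
      - name: Triage with Gemini (direct interpolation)
        run: gemini -p "Label this issue: ${{ github.event.issue.body }}"
      - name: Triage with Gemini (via env)
        env:
          ISSUE_BODY: ${{ github.event.issue.body }}
        run: gemini -p "Label the issue in $ISSUE_BODY and do not run tools"
      - name: Echo title (no AI agent)
        run: echo "${{ github.event.issue.title }}"
"""
```

Running `scan_workflow(SAMPLE)` reports the first step as high and the second as medium; the env form removes the template injection but the agent still consumes attacker-authored text, which is why the article's advice to restrict tool capabilities applies to both.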
