GitHub

News from IT House on June 7, Microsoft researchers found,Anthropic Under the flag Claude. Code. GitHub There is a loophole in the automated process, which could lead to the disclosure of confidential information in the ongoing integration/continuing deployment (CI/CD) workflow, and the assailants may steal sensitive documents through the introduction of warning messages.

The study was launched by the Microsoft Threat Intelligence Team following an attempt to infuse an artificial intelligence-assisted GitHub workflow in an open code repository.

According to IT House, the infusion of a hint is a type of artificial intelligence security loophole. The attackers are able to manipulate model behaviour by embedding misleading instructions in the contents of large model processes. The normal design logic for large language models is to follow the developer ' s instructions and respond to user questions, while the attackers try to seduce the models and make them ignore preset instructions.

The researchers gave an example of an attacker hiding an injection. HTML Note. Such content is invisible in the GitHub presentation interface, but an artificial intelligence model that reads the original Markdown source code can be identified. The code library was used to automatically process worksheets through GitHub automated processes.

An attacker can disguise a malicious order as a general functional requirement, without the need to obtain the permission to modify the project, and simply submit a GitHub worksheet to induce an artificial intelligent robot to perform the modification.

Microsoft confirmed that the same type of injection could also be directed at the Claude Code GitHub automated process in Anthropic. Anthropic has previously set up sandbox protection for some tools (e.g. the Bash tool that allows Claude to execute commands in the system).

However, Microsoft found that Claude ' s reading tools for reading documents were not equally restricted.

Researchers have developed a hint to inject the attack payload and tested the loophole. In the test, the malicious message successfully bypassed two layers of protection and induced the artificial intelligence assistant to read the system file containing the application interface key and other supporting documents.

Microsoft reported the leak to Anthropic on April 29th. Anthropic completed the restoration of the Claude Code 2.1.128 version on 5 May by limiting access to sensitive documents under /proc/ catalogue to prevent the illegal theft of relevant information.

Advertising statements: The external jump links (including not limited to hyperlinks, 2D codes, passwords, etc.) contained in the text are used to convey more information and save time for selection purposes only for reference purposes, which are included in all IT House articles.