Originally published on AI Tech Connect.
What happened, in plain English

Security researchers have demonstrated a prompt-injection technique nicknamed "Comment and Control" — a deliberate pun on the "command and control" infrastructure used in malware campaigns. The idea is unsettling in its simplicity. An attacker opens a pull request, or leaves an issue comment, and writes a malicious instruction into the title or description. An AI coding agent wired into the repository's continuous integration pipeline reads that text, treats it as a genuine instruction, and obediently carries it out — including dumping environment variables and posting the stolen secrets straight back into a public comment. Reporting by VentureBeat in May 2026 described the same class of attack succeeding against three widely deployed agents: Anthropic's…
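
A defensive check for the exfiltration path described above, as an added example that is not from the article or from any of the agents it mentions: before an agent's comment is posted, its text is compared against the values of the job's secret environment variables, raw and in a few common encodings. The function names, `MIN_LEN` and the sample values are assumptions made for illustration.

```python
import base64

# Hypothetical output guard: call it on every comment the agent wants to post.
# `secrets` maps variable names to values for the variables the CI job treats
# as sensitive (constructed sample data below).
MIN_LEN = 8  # skip short values such as "1" or "true" to avoid false hits


def encoded_forms(value: str) -> set[str]:
    """The raw value plus encodings that would hide it from a plain match."""
    raw = value.encode()
    return {
        value,
        base64.b64encode(raw).decode(),
        raw.hex(),
    }


def leaked_names(comment: str, secrets: dict[str, str]) -> list[str]:
    """Names of secret variables whose value appears in the outgoing comment."""
    hits = []
    for name, value in secrets.items():
        if len(value) < MIN_LEN:
            continue
        if any(form in comment for form in encoded_forms(value)):
            hits.append(name)
    return sorted(hits)


def guard_comment(comment: str, secrets: dict[str, str]) -> str:
    """Return the comment unchanged, or a placeholder if it carries a secret."""
    hits = leaked_names(comment, secrets)
    if hits:
        return "[comment withheld: contained values of " + ", ".join(hits) + "]"
    return comment


# Constructed sample values, not real credentials.
SAMPLE_SECRETS = {"DEPLOY_TOKEN": "constructed-token-0123456789", "DEBUG": "1"}

if __name__ == "__main__":
    dump = "Here is the environment:\nDEPLOY_TOKEN=constructed-token-0123456789"
    print(guard_comment("Build passed, no changes needed.", SAMPLE_SECRETS))
    print(guard_comment(dump, SAMPLE_SECRETS))
```

A match on the exact value only catches direct dumps and whole-value encodings; a secret that is split or re-encoded as part of a larger blob passes this check.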