AIToday

GitHub fixed a critical remote code execution vulnerability in less than six hours after Wiz Research discovered it using AI models.

The Verge AIApr 29, 20262 min read
GitHub fixed a critical remote code execution vulnerability in less than six hours after Wiz Research discovered it using AI models.

Summaries like this, in your inbox every morning.

Sign up free →

3 Key Points

  1. Wiz Research used AI models to uncover a vulnerability in GitHub's internal git infrastructure that could have allowed attackers to access millions of public and private code repositories. GitHub's security team reproduced the vulnerability internally within 40 minutes, and the engineering team deployed a fix just over an hour after identifying the root cause.

  2. The vulnerability was discovered in closed-source binaries using AI — described by Wiz as 'one of the first critical vulnerabilities discovered in closed-source binaries using AI' — and was 'remarkably easy to exploit' despite the complexity of GitHub's underlying system.

  3. The issue was fixed within six hours of Wiz's report, with no evidence of exploitation found during a forensic investigation. The discovery earned one of the highest rewards available in GitHub's Bug Bounty Program.

Discussion

No discussion yet for this article

Stay ahead with AI news

Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.

Get Started Free

Free · takes 30 seconds · unsubscribe anytime

1 minute a day. The AI essentials.

200+ sources · Email / LINE / Slack

Get it free →