A critical security flaw has been uncovered in a GitHub AI agent, dubbed 'GitLost' by researchers, which allows private repositories to be exposed when an attacker asks for them in plain language. The vulnerability requires no sophisticated hacking tools — simply sending a polite request to the agent can return sensitive code and data from private repos. As of 16 July 2026, GitHub has not released a patch or any official documentation acknowledging the issue.
The flaw highlights a growing tension between convenience and security in AI-powered developer tools. GitHub's Copilot and related agents are trained on vast codebases and designed to assist with coding tasks, but this incident shows they can be manipulated to bypass access controls. For UK businesses, especially startups and fintech firms that rely on GitHub for version control, the implications are severe: proprietary algorithms, API keys, and customer data could be exposed without a trace.
Under UK data protection law, the Information Commissioner's Office (ICO) requires organisations to implement appropriate technical measures to safeguard personal data. A breach via an AI agent could trigger regulatory action if customer information is leaked. Meanwhile, the EU AI Act, which came into full force earlier this year, classifies such tools as 'limited risk' but mandates transparency and human oversight. UK firms operating in Europe may need to reassess their compliance posture.
Dr. Eleanor Marsh, a cybersecurity researcher at the University of Cambridge, commented: 'This is a classic case of an AI system doing what it was trained to do — assist — but without understanding the context of permissions. The lack of a fix or even documentation is alarming. It suggests the vendor may not fully grasp the attack surface.' She urged UK developers to temporarily disable AI agent features on repositories containing sensitive code until a solution emerges.
For the UK economy, which is heavily reliant on its tech sector, such vulnerabilities could erode trust in cloud-based development platforms. Small and medium-sized enterprises (SMEs) that lack dedicated security teams are particularly exposed. The incident also raises questions about the accountability of AI vendors when their products introduce unforeseen risks. Until a patch arrives, businesses are advised to audit their GitHub permissions and monitor for unusual access patterns.