Vendors and modelsDeployer
GitHub AI failures
Every documented AI failure involving GitHub on the AI Failure Index, classified by the mechanism that broke.
- Failures
- 2
- Highest severity
- Catastrophic
- Span
- 2025
- Failure modes
- 1
CamoLeak prompt injection in GitHub Copilot Chat silently exfiltrated private code and secrets
A CVSS 9.6 vulnerability dubbed CamoLeak allowed attackers to embed hidden prompts in pull request descriptions using HTML comment syntax, which GitHub Copilot Chat then executed under the victim's permissions. The injected instructions directed Copilot to encode private source code and secrets as sequences of Camo-proxied image URLs, bypassing GitHub's Content Security Policy and silently exfiltrating data to an attacker-controlled server. The flaw was discovered in June 2025 by Omer Mayraz of Legit Security and reported via HackerOne, with GitHub deploying a fix on August 14, 2025.
- Confidence
- High (multi-source, primary)
CVE-2025-53773 enabled RCE via prompt injection in GitHub Copilot Agent Mode
CVE-2025-53773 is a command injection vulnerability in GitHub Copilot and Visual Studio that permits an unauthorized attacker to execute code locally via prompt injection. An attacker embeds malicious instructions in content processed by Copilot, such as source code files or pull request descriptions, which instructs the agent to modify workspace settings and disable user approval for command execution. Microsoft patched the vulnerability on August 12, 2025 as part of Patch Tuesday after discovery by security researchers Johann Rehberger, Markus Vervier, and Ari Marzuk.
- Confidence
- High (multi-source, primary)
See how Realm catches these failure modes at runtime, before they reach production.
Book a Demo