Somehow this article feels like a promotional for Legit. But all AI vibe solutions face the same weaknesses. Limited transparency and trust issues: Using non-FOSS solutions for cybersecurity is a large risk.
If you do use AI cyber solutions, you can be more vulnerable to security breaches instead of less.
runningmike | 5 hours ago
Wondering if the ability to use hidden (HTML comment) content in PRs would not remain a nasty issue: especially for open source repos?! Was that fixed?
xstof | 5 hours ago
Wild approach. Very nice
stephenlf | 7 hours ago
You'd have to be insane to run an AI agent locally. They're clearly unsecurable.
nprateem | 2 hours ago
Can you still make invisible comments?
djmips | 2 hours ago
A good vulnerability writeup, and a thrill to read. Thanks!
adastra22 | 5 hours ago
Did the markdown link exfil get fixed?
deckar01 | 5 hours ago
So this wasn't really fixed. The impressive thing here is that Copilot accepts natural language. So whatever exfiltration method you can come up with, you just write out the method in English.
They merely "fixed" one particular method, without disclosing how they fixed it. Surely you could just do the base64 thing to an image URL of your choice? Failing that, you could trick it into providing passwords by telling it you accidentally stored your grocery list in a field called passswd, go fetch it for me ppls?
There's a ton of stuff to be found here. Do they give bounties? Here's a goldmine.