This extends the risk beyond code and into product security, private disclosures, and organizational secrets," Mayraz explains. Legit Security reported Duo's vulnerabilities to GitLab on Feb. 23.

GitLab Vulnerability ‘Highlights the Double-Edged Nature of AI Assistants’ Your email has been sent A remote prompt injection flaw in GitLab Duo allowed attackers to steal private source code ...

Examples include merge requests, commits, bug descriptions and comments, and source code. The researchers demonstrated how instructions embedded inside these sources can lead Duo astray.