
PromptPwnd: Critical Prompt Injection Vulnerability in GitHub and GitLab CI/CD Pipelines
Aikido Security has disclosed a significant prompt injection vulnerability named PromptPwnd affecting CI/CD pipelines in GitHub and GitLab environments that incorporate AI systems. This flaw enables attackers to exfiltrate sensitive secrets, including API keys, tokens, and credentials, by manipulating AI model prompts within build processes.

Prompt injection attacks occur when untrusted input is not properly sanitized before being processed by AI models, allowing adversaries to override intended behavior. In CI/CD contexts, such vulnerabilities are particularly dangerous because these systems typically have elevated access to code repositories and deployment infrastructure. While the report indicates major enterprises are impacted, specific technical details about the exploitation vector remain undisclosed. The vulnerability appears to stem from insecure interactions between user-supplied inputs and AI components within build workflows.

This discovery highlights critical security considerations for AI integration in DevOps tools. Organizations should immediately review their CI/CD configurations for any AI-driven components that process untrusted input. Implementing strict input validation, output encoding, and the principle of least privilege for AI systems is strongly advised. The incident underscores the emerging threat landscape where traditional software vulnerabilities intersect with AI-specific attack vectors. Security teams must expand their threat modeling to account for prompt injection risks in all AI-augmented development tools.
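
One way to start the configuration review recommended above, as an added example that is not from the Aikido report: a Python check that flags GitHub Actions steps where attacker-controllable event fields are interpolated into a step that looks AI-driven. The AI keyword heuristic, the sample workflow and the action name `example-org/ai-triage-action` are assumptions, and GitLab pipelines are out of scope here.

```python
import re

# Event fields an outside contributor controls (issue/PR text, branch name, commit message).
UNTRUSTED = re.compile(
    r"\$\{\{[^}]*?\b(github\.(?:head_ref|event\.(?:issue|pull_request|comment|review"
    r"|head_commit)\.(?:title|body|message)))\b[^}]*\}\}"
)
# Assumed heuristic for "this step talks to an AI model"; tune it to the actions you use.
AI_HINT = re.compile(r"\b(?:prompt|llm|ai|model)\b", re.IGNORECASE)
STEP_START = re.compile(r"^\s*-\s")

def split_steps(text):
    """Yield (first_line_number, lines) per YAML list item, a rough stand-in for a step."""
    start, chunk = 1, []
    for no, line in enumerate(text.splitlines(), 1):
        if STEP_START.match(line) and chunk:
            yield start, chunk
            start, chunk = no, []
        chunk.append(line)
    if chunk:
        yield start, chunk

def find_risky_steps(text):
    """Return (line_number, expression) for untrusted fields inside AI-looking steps."""
    findings = []
    for start, lines in split_steps(text):
        if not AI_HINT.search("\n".join(lines)):
            continue  # no AI keyword in this step, so it is not reported by this check
        for offset, line in enumerate(lines):
            for m in UNTRUSTED.finditer(line):
                findings.append((start + offset, m.group(1)))
    return findings

# Constructed sample workflow fragment; the action name is hypothetical.
SAMPLE = """\
steps:
  - name: Label issue
    run: echo "${{ github.event.issue.number }}"
  - name: AI triage
    uses: example-org/ai-triage-action@v1
    with:
      prompt: |
        Summarise: ${{ github.event.issue.title }}
        ${{ github.event.issue.body }}
      api_key: ${{ secrets.MODEL_API_KEY }}
"""
if __name__ == "__main__":
    for line_no, expr in find_risky_steps(SAMPLE):
        print(f"line {line_no}: {expr} is interpolated into an AI-looking step")
```

The step splitter is line-based rather than a full YAML parser, so nested lists inside a step can split it early; treat the output as a shortlist for manual review of each step's token permissions and secrets.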