In a concerning development for the AI security landscape, a security researcher has revealed that major tech companies including Anthropic, Google, and Microsoft were compromised through prompt injection attacks on their AI agents, yet chose not to disclose the vulnerabilities publicly.
The researcher, Aonan Guan, exploited weaknesses in the GitHub Actions integrations of these AI platforms, successfully hijacking agents to steal API keys and tokens. The vulnerabilities were patched and bug bounties were paid, but no public advisories or CVE (Common Vulnerabilities and Exposures) identifiers were issued, raising questions about transparency and accountability in AI security.
Quiet Fixes, No Public Warnings
According to reports, Anthropic paid a $100 bounty, GitHub issued $500, and Google provided an undisclosed amount. Despite these payments, the affected companies did not publish security advisories or assign CVE identifiers, which are standard practices for alerting the broader security community and users to potential threats. This lack of disclosure leaves other developers and organizations unaware of the risks, potentially exposing them to similar attacks.
Implications for AI Security
The incident highlights a troubling trend in how large tech firms handle AI-related vulnerabilities. While paying bug bounties is a positive step, the silence surrounding these flaws undermines trust and hampers collective efforts to secure AI systems. Prompt injection attacks, in which an attacker plants instructions in content the model processes so that the agent treats them as legitimate commands, are particularly dangerous because they can be subtle and hard to detect. Without public warnings, the broader AI ecosystem remains vulnerable to exploitation.
Security experts are calling for more robust disclosure policies, especially in the fast-evolving AI space. The lack of transparency not only endangers users but also slows progress in building secure AI agents that can be trusted at scale.