GitHub Copilot chat disables image rendering to block CamoLeak exfiltration
Security Tool/Service
Summary
GitHub Copilot chat has disabled all image rendering to block the CamoLeak image-based exfiltration path, reducing the risk that prompt-injected instructions can leak sensitive data through rendered pixels. The mitigation matters because the technique was designed to bypass the Camo proxy and selectively expose passwords, private keys, tokens, and credentials. GitHub says the change has been in place since August.
Related Happenings
GitHub git push RCE (CVE-2026-3854)
Vulnerability
First: 29.04.2026 15:41
Last: 29.04.2026 15:41
Sources 1
About this happening:
GitHub patched **CVE-2026-3854**, a critical **remote code execution** flaw affecting **GitHub.com** and **GitHub Enterprise Server** that could expose **millions of private repos...
GitHub CVE-2026-3854 security patch release
Security Patch Release
First: 29.04.2026 15:41
Last: 29.04.2026 15:41
Sources 1
About this happening:
**GitHub** released **security fixes** for **CVE-2026-3854**, patching **GitHub.com** and supported **GitHub Enterprise Server** builds after a critical **remote code execution**...
GitHub Codespaces malicious repository or pull request RCE remote code execution flaw
Vulnerability
First: 05.02.2026 16:30
Last: 05.02.2026 16:30
Sources 1
About this happening:
**GitHub Codespaces** vulnerability **RoguePilot** can let an attacker abuse **GitHub Copilot** by planting hidden instructions in a **GitHub issue**, then opening a Codespace fro...
GitHub Copilot CamoLeak prompt-injection PoC with Camo-bypass pixel exfiltration
Technical Analysis
First: 09.10.2025 22:56
Last: 09.10.2025 22:56
Sources 1
How related:
This required GitHub to fetch the relevant pixels from the attacker-controlled site. As the site fed those images to GitHub in sequence — the A image, then the W image, and so on — the attacker would in turn glean the password that was being rendered, all without having to "exfiltrate" any actual data.
About this happening:
A **GitHub Copilot** proof-of-concept shows **prompt injection** can still force selective leakage of **passwords, private keys, and tokens**, even when **GitHub Camo** blocks dir...
Timeline
09.10.2025 22:56 2 articles · 7mo ago
GitHub disables image rendering in Copilot chat
Mitigation Patch Update
GitHub disabled all image rendering in Copilot chat to block the CamoLeak exfiltration path that used hidden pull-request prompt injection and Camo image requests to leak passwords, private keys, tokens, and credentials. GitHub says the control has been in place since August.
- GitHub Copilot 'CamoLeak' AI Attack Exfiltrates Data — www.darkreading.com — 09.10.2025 22:56
- GitHub Copilot 'CamoLeak' AI Attack Exfiltrates Data — www.darkreading.com — 09.10.2025 22:56