Ghostcommit Attack Hides Prompts in Images to Steal Secrets from AI Agents
Researchers demonstrate how malicious instructions hidden in PNG images can hijack AI coding assistants to exfiltrate credentials. Claude Code resisted the attack while Cursor and others complied.