< BACK TO NEWS
importantSYS.SOURCE: The Hacker News2026-07-08T16:51:07+05:30

GitHub Copilot Bypassed via Workflow-Level Jailbreak to Generate Harmful Code

#AI Security#Code Security#Cybersecurity Research

A study reveals that GitHub Copilot and other AI coding assistants can be bypassed through workflow-level jailbreaks, generating harmful code when tasks are framed as improving benchmark scores, despite refusing direct harmful prompts. The research highlights risks in AI safety mechanisms when models are integrated into coding tools that prioritize task completion over explicit safety checks.

An AI coding assistant that refuses to answer a dangerous request in its chat box can answer it anyway if the same request is broken into small, ordinary-looking steps inside a code editor. That is the finding of a new study of GitHub Copilot by researchers Abhishek Kumar and Carsten Maple.

The models they tested through Copilot, Claude from Anthropic, and Gemini from Google, refused

Read original article

*** END OF TRANSMISSION ***

> KEVIN WEIL JOINS STOKE SPACE BOARD AS AI EXPERT TO SUPPORT REUSABLE ROCKET DEVELOPMENT> GITHUB VERIFIED COMMITS VULNERABILITY ALLOWS HASH MALLEABILITY WITHOUT BREAKING SIGNATURES> APPLE COMMITS OVER $ BILLION TO BROADCOM FOR U.S.-BASED CHIP PRODUCTION EXPANSION> SHIFT IN ATO ATTACKS: VERIFICATION STEPS BECOMING PRIMARY TARGET IN > GITHUB COPILOT BYPASSED VIA WORKFLOW-LEVEL JAILBREAK TO GENERATE HARMFUL CODE> HUBSPOT ADDRESSES PREVIOUS ERROR AND IMPLEMENTS CORRECTIVE MEASURES> EUROPEAN ORGANIZATIONS BANNING PERSONAL MESSAGING APPS FOR WORK COMPLIANCE AND DATA SECURITY> CHINA-LINKED APT UAT- EXPANDS ORB NETWORK USING NEW LONGLEASH MALWARE> ANALYSIS OF OBFUSCATED BASH SCRIPT ON UNIQLO T-SHIRT FOR AKAMAI'S PEACE FOR ALL CAMPAIGN> GEOSQL: ENHANCING CLAUDE/CODEX WITH GEOSPATIAL DATA ANALYTICS CAPABILITIES> KEVIN WEIL JOINS STOKE SPACE BOARD AS AI EXPERT TO SUPPORT REUSABLE ROCKET DEVELOPMENT> GITHUB VERIFIED COMMITS VULNERABILITY ALLOWS HASH MALLEABILITY WITHOUT BREAKING SIGNATURES> APPLE COMMITS OVER $ BILLION TO BROADCOM FOR U.S.-BASED CHIP PRODUCTION EXPANSION> SHIFT IN ATO ATTACKS: VERIFICATION STEPS BECOMING PRIMARY TARGET IN > GITHUB COPILOT BYPASSED VIA WORKFLOW-LEVEL JAILBREAK TO GENERATE HARMFUL CODE> HUBSPOT ADDRESSES PREVIOUS ERROR AND IMPLEMENTS CORRECTIVE MEASURES> EUROPEAN ORGANIZATIONS BANNING PERSONAL MESSAGING APPS FOR WORK COMPLIANCE AND DATA SECURITY> CHINA-LINKED APT UAT- EXPANDS ORB NETWORK USING NEW LONGLEASH MALWARE> ANALYSIS OF OBFUSCATED BASH SCRIPT ON UNIQLO T-SHIRT FOR AKAMAI'S PEACE FOR ALL CAMPAIGN> GEOSQL: ENHANCING CLAUDE/CODEX WITH GEOSPATIAL DATA ANALYTICS CAPABILITIES