A new class of vulnerability is emerging in CI/CD pipelines as organizations embed AI into GitHub Actions and workflows. In this episode, Aikido researcher and bug bounty hunter Ran Dalman explains PromptPwned — a prompt injection flaw that allows attackers to exfiltrate secrets from CI/CD systems using untrusted user input. We break down how it works, why large companies like Google were impacted, and how to safely use AI in CI/CD without introducing supply chain risk.

00:00 — CI/CD pipelines, GitHub Actions, and recent supply chain attacks
00:01:11 — Introducing PromptPwned and why AI in CI/CD is risky
00:01:38 — How AI is being used inside GitHub Actions today
00:02:07 — How untrusted user input leads to prompt injection
00:03:25 — How attackers trigger vulnerable workflows
00:04:31 — Why this vulnerability is different from past CI/CD issues
00:05:36 — Why companies use AI for issue triage despite the risks
00:06:40 — Why large organizations are most exposed
00:07:09 — Real-world impact: Google and other major companies
00:08:49 — How to fix it: limiting permissions and safe AI usage