Developer companion turned in opposition to the developer
GitLab Duo is an AI-powered growth lifecycle companion for the favored GitLab DevOps platform. The software could make code options, troubleshoot code points, clarify vulnerabilities in code and counsel remediations via a chatbot interface. As a part of its regular operation, GitLab Duo will analyze content material from a GitLab challenge together with supply code, but in addition feedback, descriptions, opened points, merge requests (code contributions) and extra.
Researchers from Legit Safety had the thought to check if they may embrace directions in numerous areas of a challenge that may be managed by exterior customers and which GitLab Duo would interpret as system prompts when analyzing that content material. And it labored.
“Duo analyzes your complete context of the web page, together with feedback, descriptions, and the supply code — making it weak to injected directions hidden anyplace in that context,” the researchers wrote.
