Cybersecurity specialists have identified an indirect prompt injection vulnerability in GitLab’s AI assistant, Duo, which might have enabled attackers to exfiltrate source code and insert unverified HTML into its replies. This could subsequently redirect victims to harmful websites.
GitLab Duo serves as an AI-driven coding helper, facilitating users in composing code,