Developer companion turned against the developer
GitLab Duo is an AI-powered development lifecycle companion for the popular GitLab DevOps platform. The tool can make code suggestions, troubleshoot code issues, explain vulnerabilities in code and suggest remediations through a chatbot interface. As part of its normal operation, GitLab Duo will analyze content from a GitLab project including source code, but also comments, descriptions, opened issues, merge requests (code contributions) and more.
Researchers from Legit Security had the idea to test if they could include instructions in various areas of a project that might be controlled by external users and which GitLab Duo would interpret as system prompts when analyzing that content. And it worked.
“Duo analyzes the entire context of the page, including comments, descriptions, and the source code — making it vulnerable to injected instructions hidden anywhere in that context,” the researchers wrote.
