Apex Security Researchers Find Two New GitHub Copilot Vulnerabilities

Exploits Leave Organizations at Increased Security and Compliance Risk Amid Rising AI Agent Adoption

(Tel Aviv, Israel – January 30, 2024) – Sequoia- and Sam Altman-backed Apex, the leader in AI security, today announced its researchers uncovered two significant GitHub Copilot vulnerabilities: Affirmation Jailbreak and Proxy Hijacking. Both vulnerabilities leave organizations open to security, compliance, and financial risks, and both of which have been flagged to and remain unfixed by GitHub.

GitHub Copilot: Affirmation Jailbreak – This vulnerability enables the manipulation of GitHub Copilot suggestions, allowing users to bypass the inherent guardrails of GitHub Copilot for safe and responsible AI use. Leveraging fake user-assistant conversations embedded in code, attackers can bypass GitHub Copilot’s built-in restrictions, enabling the assistant to provide harmful and dangerous code snippets and suggestions and guidance on illicit activities.

“This could have serious implications for organizations from a regulatory and compliance perspective—be it wittingly or otherwise. If employees using AI ultimately leverage the copilot in a way to cause damage or inflict harm, they’ll be opening their employers up to allegations of compliance violations both within the US and the EU. As we’ve seen in recent years, this can be a costly situation to find yourself—financially and reputationally,” commented Apex Co-founder and CPO, Tomer Avni.

GitHub Copilot: Proxy Hijacking – This vulnerability enables the manipulation of Github Copilot proxy settings, allowing users to configure unrestricted LLMs for their usage, bypassing internal protocols and access limitations.

“There are guardrails in place, GitHub is trying to provide embedded security but at the end of the day it is like any hacker and prevention relationship: Malicious actors will continue to work to find and exploit vulnerabilities, just as fast if not faster than the prevention measures can be implemented. That’s why the security industry was created, and why a dedicated AI security layer is important for companies to consider–especially amid rising enterprise AI adoption,” concluded Avni.

These vulnerabilities come to light amid the staggering rise of agenetic AI and in particular, the widespread adoption of AI code assistants. By 2028, Gartner anticipates 75% of enterprise software engineers will use AI code assistants, up from less than 10% in early 2023. Moreover, the enterprise software application is anticipated by Gartner to grow to a $662B market by 2028. That could mean putting nearly $500B of the enterprise market—and the corresponding companies– at substantial risk of allegations of AI copilot abuse, and potential costly fines from regulation violations, and leave them open to security attacks from malicious attackers who know how to exploit the vulnerabilities.

Yet, at the time of authorship, GitHub declined to pursue prioritized remediation. Instead, they stressed the importance of individual user responsibility to prevent the copilot from being exploited in this manner.  Researchers from Apex have responsibly disclosed their findings with GitHub.

About Apex 

Apex is a leading AI security platform, designed to empower organizations to use AI securely, as AI is adopted at a whirlwind pace. Apex offers a security platform that gives organizations a complete picture of their AI activity, allowing them to use these tools freely and gain an advantage while avoiding data leaks, malicious data manipulation and actions, privacy and legal violations, and AI cyberattacks. Learn more at Apexhq.ai