Wiz hands GitHub AI-aided bug report that isn't total slop
"By leveraging AI-augmented tooling, particularly automated reverse engineering using IDA MCP, we were able to do what was previously too costly. Using AI, we rapidly analyzed GitHub's compiled binaries, reconstructed internal protocols, and systematically identified where user input could influence server behavior across the entire pipeline."
"Thanks to this new capability, we found a fundamental flaw in how that input flows through GitHub's multi-service architecture. In the pre-AI days, findings of this kind would have taken months' worth of manual analysis by those with extensive experience."
Wiz researchers identified a high-severity vulnerability in GitHub's infrastructure, enabling remote attackers to gain full access to private repositories. This discovery, linked to CVE-2026-3854, signifies a potential shift in vulnerability detection in closed-source software. Utilizing AI tools, Wiz accelerated the reverse-engineering process, achieving a working exploit in under 48 hours. The flaw stems from GitHub's internal services trusting user inputs during push requests, which could lead to significant security risks. This advancement in AI-assisted analysis could transform both defensive and offensive security strategies.
Read at The Register