<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
	<channel>
		<title>Software-Security on Compile My Mind</title>
		<link>https://www.compilemymind.com/tags/software-security/</link>
		<description>Recent content in Software-Security on Compile My Mind</description>
		<generator>Hugo</generator>
		<language>en</language>
		
		
		
		
			<lastBuildDate>Sun, 12 Jul 2026 22:37:24 +0300</lastBuildDate>
		
			<atom:link href="https://www.compilemymind.com/tags/software-security/index.xml" rel="self" type="application/rss+xml" />
			<item>
				<title>How Ghostcommit Prompt Injections Bypass AI Code Review Agents</title>
				<link>https://www.compilemymind.com/posts/ghostcommit-prompt-injection-ai-code-review-bypass/</link>
				<pubDate>Sun, 12 Jul 2026 22:37:24 +0300</pubDate>
				<guid>https://www.compilemymind.com/posts/ghostcommit-prompt-injection-ai-code-review-bypass/</guid>
				<description>&lt;p&gt;Ghostcommit is a useful case study in why multimodal AI code-review agents need the same trust boundaries as any other security-sensitive automation. The attack does not depend on a conventional source-code vulnerability; it abuses the agent&amp;rsquo;s ability to treat untrusted repository content as instructions.&lt;/p&gt;&#xA;&#xA;&#xA;&#xA;&#xA;&#xA;&#xA;&#xA;&#xA;&lt;blockquote class=&#34;blockquote-regular&#34;&gt;&#xA;  &lt;p&gt;&lt;strong&gt;Reading path:&lt;/strong&gt; Start with the core security model, connect it to the real-world scenario, and finish with the controls or checklist that make the idea actionable.&lt;/p&gt;</description>
			</item>
	</channel>
</rss>
