March 17, 2026

Hidden Threats in README Files: How AI Agents Can Leak Sensitive Data

Vaibhav March 17, 2026
Hidden Threats in README Files: How AI Agents Can Leak Sensitive Data
Post Views: 4

Newly Discovered Vulnerability in AI-Powered Coding Agents

A newly discovered vulnerability in AI-powered coding agents has been found to potentially leak sensitive data when processing instructions in README files.

Semantic Injection Attack

The attack, known as semantic injection, involves embedding malicious instructions within an installation file, leading to unintended data exposure. Researchers have demonstrated that AI agents can be tricked into sending sensitive local files to external servers in up to 85% of cases.

README Files and Malicious Instructions

README files often contain commands for installing dependencies, running scripts, or configuring applications. Attackers can insert a malicious step that appears to be a normal setup instruction, such as synchronizing files or uploading configuration data. When an AI agent processes this instruction, it may execute the command without checking whether it exposes sensitive data, potentially leading to the transfer of configuration files, logs, or other local data to a remote server.

Testing the Vulnerability

To test the vulnerability, researchers created a benchmark dataset called ReadSecBench, consisting of 500 README files from open-source repositories written in various programming languages. Malicious instructions were inserted into these documents to simulate an attack, and AI agents were used to process the modified documentation during setup. The results showed that the agents consistently executed the hidden instructions, regardless of the programming language used or the location of the malicious instruction within the README file.

Success of the Attack

The success of the attack was found to depend on the wording and structure of the malicious instruction. Direct commands resulted in the highest success rates, with the attack succeeding in approximately 84% of cases. Less direct wording reduced the likelihood of the agent executing the malicious instruction. Additionally, the structure of the documentation played a role, as AI agents frequently follow links within project documentation. When the malicious instruction appeared two links away from the main README file, the attack succeeded in about 91% of tests.

Ineffective Human Reviewers

Human reviewers were also found to be ineffective in detecting the malicious instructions. Fifteen participants reviewed README files and failed to identify the hidden instructions, with most focusing on grammar or wording issues rather than potential security risks.

Ineffective Automated Detection Systems

Automated detection systems were also evaluated, with rule-based scanners frequently flagging legitimate README files due to the presence of commands, file paths, and code snippets. AI-based classifiers produced fewer false positives but still allowed malicious instructions to pass through filters, particularly when they appeared in linked files rather than directly inside the README.

Mitigation and Recommendations

To mitigate this vulnerability, researchers recommend that AI agents treat external documentation as partially-trusted input and apply verification proportional to the sensitivity of the requested action. As AI agents become increasingly integrated into everyday tasks, addressing these vulnerabilities is essential for safe and trustworthy deployment.

Conclusion

The study highlights the need for developers to be aware of the potential risks associated with AI-powered coding agents and to take steps to ensure the security of their projects. By understanding the vulnerabilities and limitations of these agents, developers can take proactive measures to prevent data exposure and protect sensitive information.

“The study highlights the need for developers to be aware of the potential risks associated with AI-powered coding agents and to take steps to ensure the security of their projects.”



About Author

Vaibhav

See author's posts

More Stories

**Title:** "Immediate Response to a Cybersecurity Breach: A 24-Hour Action Plan for Incident Response and Mitigation

Immediate Response to a Cybersecurity Breach: A 24-Hour Action Plan for Incident Response and Mitigation

Vaibhav March 17, 2026
Microsoft Edge 146 Brings Enhanced IP Privacy and Local Network Access Controls

Microsoft Edge 146 Brings Enhanced IP Privacy and Local Network Access Controls

Vaibhav March 16, 2026
Advancing Secure Quantum Key Distribution for Telecom, Data Centers, and Critical Infrastructure with KEEQuant

Advancing Secure Quantum Key Distribution for Telecom, Data Centers, and Critical Infrastructure with KEEQuant

Vaibhav March 16, 2026

Latest Cyber Security News

**Title:** "Immediate Response to a Cybersecurity Breach: A 24-Hour Action Plan for Incident Response and Mitigation

Immediate Response to a Cybersecurity Breach: A 24-Hour Action Plan for Incident Response and Mitigation

Vaibhav March 17, 2026
Hidden Threats in README Files: How AI Agents Can Leak Sensitive Data

Hidden Threats in README Files: How AI Agents Can Leak Sensitive Data

Vaibhav March 17, 2026
Retired Army Officer Falls Victim to Cyber Fraud in Courier Booking Scam

Retired Army Officer Falls Victim to Cyber Fraud in Courier Booking Scam

Vaibhav March 17, 2026
Five Individuals Arrested for Identity Theft and Bank Account Fraud Involving Student Names

Five Individuals Arrested for Identity Theft and Bank Account Fraud Involving Student Names

Vaibhav March 17, 2026
Top Cybersecurity Jobs Available in March 2026: Emerging Trends and In-Demand Roles

Top Cybersecurity Jobs Available in March 2026: Emerging Trends and In-Demand Roles

Vaibhav March 17, 2026
en_USEnglish
en_USEnglish