Dark Reading

GitLab's AI Assistant Opened Devs to Code Theft

An indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant could have allowed attackers to steal source code, direct victims to malicious websites, and more. In fact, ...
TechRepublic

GitLab Vulnerability ‘Highlights the Double-Edged Nature of AI Assistants’

GitLab Vulnerability ‘Highlights the Double-Edged Nature of AI Assistants’ Your email has been sent A remote prompt injection flaw in GitLab Duo allowed attackers to steal private source code and ...
Ars Technica

Researchers cause GitLab AI developer assistant to turn safe code malicious

Marketers promote AI-assisted developer tools as workhorses that are essential for today’s software engineer. Developer platform GitLab, for instance, claims its Duo chatbot can “instantly generate a ...
Bleeping Computer

GitLab patches critical authentication bypass vulnerabilities

GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which two critical severity ruby-saml library authentication bypass flaws.
TechRepublic

GitLab’s Lemos: AI, Automation are Key to DevSecOps

GitLab's CISO Josh Lemos on securing CI/CD of software with generative AI tools and how automation enables continuous security in the software development supply chain. GitLab, like its competitor ...
Bleeping Computer

GitLab 'strongly recommends' patching max severity flaw ASAP

GitLab has released an emergency security update, version 16.0.1, to address a maximum severity (CVSS v3.1 score: 10.0) path traversal flaw tracked as CVE-2023-2825. GitLab is a web-based Git ...
TheServerSide

Git vs GitLab: What's the difference?

What’s the difference between Git and GitLab? The key difference between Git and GitLab is that Git is a free, open source version control tool that developers install locally on their machines, while ...