Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites. GitLab Duo is an artificial intelligence (AI)-powered coding assistant that enables users to write,
![]()
source https://thehackernews.com/2025/05/gitlab-duo-vulnerability-enabled.html
source https://thehackernews.com/2025/05/gitlab-duo-vulnerability-enabled.html