A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patched by Microsoft following responsible disclosure. "Attackers can craft hidden instructions inside a
![]()
source https://thehackernews.com/2026/02/roguepilot-flaw-in-github-codespaces.html
source https://thehackernews.com/2026/02/roguepilot-flaw-in-github-codespaces.html