Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft – Decrypt

Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft – Decrypt

By Jason Nelson
Publication Date: 2026-06-06 18:08:00

In brief

  • Microsoft researchers found that Anthropic’s Claude Code GitHub Action could be manipulated through prompt injection attacks.
  • The attack relied on malicious instructions hidden in GitHub issues, pull requests, or comments that the AI agent was asked to review.
  • Anthropic patched the vulnerability in May after Microsoft disclosed the issue through HackerOne.

Microsoft researchers disclosed a now-patched vulnerability in Anthropic’s Claude Code GitHub Action that could have allowed attackers to expose credentials stored in software development pipelines by manipulating the AI agent through malicious GitHub content.

In a blog post on Friday, Microsoft warned that AI coding agents running inside CI/CD workflows may create new security risks because those environments often have access to API keys, cloud credentials, and other sensitive information.

“We began this research after observing prompt injection attempts in public repositories using AI-assisted GitHub workflows across…