April 15, 2026
Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws
Security researcher Aonan Guan hijacked AI agents from Anthropic, Google, and Microsoft via prompt injection attacks on their GitHub Actions integrations, stealing API keys and tokens in each case. All three companies paid bug bounties quietly ($100 from Anthropic, $500 from GitHub, an undisclosed amount from Google), but none published public advisories or assigned CVEs, leaving users on older versions unaware of the risk.

TL;DR
- AI agents from Anthropic, Google, and Microsoft are vulnerable to prompt injection attacks that can steal API keys and tokens.
- Researcher Aonan Guan successfully exploited vulnerabilities in Anthropic's Claude Code Security Review, Google's Gemini CLI Action, and GitHub's Copilot Agent.
- The companies paid bug bounties but did not issue public advisories or CVEs for the vulnerabilities.
- The attacks exploit the inability of AI models to reliably distinguish between trusted data and malicious instructions.
- The lack of disclosure means users running older versions of these AI integrations may remain unaware of the security risks.
- The issue is a structural problem in AI agent design, not an isolated bug, with similar vulnerabilities found in other AI tools and agent marketplaces.
- There is no established framework for disclosing AI agent vulnerabilities, unlike traditional software bugs.