PRESENTED BY
Cyber AI Chronicle
By Simon Ganiere · 13th October 2025
Welcome back!
GitHub Copilot Chat has been compromised by a sophisticated attack method that turns AI assistance into a data theft vector, with hackers successfully extracting API keys and zero-day exploits through cleverly disguised prompt injections.
The 'CamoLeak' vulnerability demonstrates how AI tools with broad repository access can become prime targets for exfiltration attacks. As these assistants gain deeper integration into our development workflows, are we inadvertently creating new attack surfaces that traditional security measures can't address?
In today's Cyber Chronicle:
GitHub Copilot's critical data leak vulnerability
Anthropic reveals AI poisoning takes just 250 documents
North Korean hackers use AI for remote job infiltration
China leverages ChatGPT for multilingual espionage campaigns
GitHub's AI Copilot Leaks Private Code
What you need to know: Researchers discovered a critical vulnerability in GitHub Copilot Chat, dubbed 'CamoLeak', that allowed attackers to silently steal sensitive data like API keys and even zero-day exploits from private code repositories.
Why is it relevant?:
The attack began with a remote prompt injection, where malicious instructions were hidden inside a pull request description that would activate when a victim asked Copilot about the PR.
To exfiltrate data, the exploit cleverly bypassed GitHub's security policies by instructing Copilot to encode stolen text into a series of invisible image URLs, using the platform's own image proxy to send the data to an attacker-controlled server.
This technique gave attackers full control over Copilot’s responses, enabling them to suggest malicious code in addition to leaking secrets from a user's entire codebase.
Bottom line: This incident highlights how AI assistants' growing access to private data dramatically expands the potential attack surface. Securing these powerful tools requires a new focus on defending against AI-specific threats like prompt injection, not just traditional code vulnerabilities.
The AI Poison Pill
What you need to know: New research from Anthropic reveals that poisoning Large Language Models is alarmingly practical, requiring a small, fixed number of malicious documents to create a backdoor vulnerability.
Why is it relevant?:
The study found that as few as 250 malicious documents can successfully compromise models ranging from 600M to 13B parameters.
This challenges the long-held assumption that attackers must control a percentage of training data, suggesting the absolute count of poisoned documents is what matters.
Researchers created a denial-of-service backdoor where a specific trigger phrase caused the model to generate gibberish, demonstrating a tangible attack vector detailed in their full paper.
Bottom line: This finding suggests the barrier to entry for data poisoning attacks is lower than previously believed, making it a more accessible threat. Security teams must now consider new defenses that can detect a small number of anomalies within massive training datasets.
North Korea's AI Job Seekers
What you need to know: North Korean state-sponsored hackers are now using AI to fabricate identities and résumés, successfully landing remote tech jobs and creating a sophisticated insider threat.
Why is it relevant?:
This operation has expanded beyond big tech, now targeting finance, healthcare, and professional services, with over a quarter of targets located outside the US.
The campaign is a key part of the regime's fundraising, which has already stolen over $2 billion in cryptoassets this year alone.
Gaining employment provides more than just a salary; it establishes critical internal access that can be leveraged for data theft, extortion, or future cyber operations.
Bottom line: AI makes it easier for state actors to craft convincing fake personas that can bypass traditional HR screening. This trend pressures companies to evolve beyond pre-hire background checks and implement continuous identity verification for all remote workers.
The Gold standard for AI news
AI will eliminate 300 million jobs in the next 5 years.
Yours doesn't have to be one of them.
Here's how to future-proof your career:
Join the Superhuman AI newsletter - read by 1M+ professionals
Learn AI skills in 3 mins a day
Become the AI expert on your team
China's ChatGPT-Powered Espionage
What you need to know: A China-aligned threat actor is using OpenAI's ChatGPT to generate multi-language phishing emails and assist in developing a new backdoor, according to new research from Volexity. The group, tracked as UTA0388, is leveraging the AI for cyber espionage campaigns targeting organizations in North America, Asia, and Europe.
Why is it relevant?:
UTA0388 uses ChatGPT to quickly scale its multilingual spear-phishing campaigns, creating convincing emails in English, Chinese, Japanese, and German that would otherwise require significant human effort.
The campaigns deploy a new backdoor called GOVERSHELL, which is under active development with five distinct variants observed, suggesting rapid, possibly AI-assisted, iteration.
Researchers identified the actor's use of AI through tell-tale AI-generated errors, including nonsensical email content, fabricated personas, and bizarre files left inside the malware payloads.
Bottom line: Generative AI is lowering the operational barrier for state-sponsored groups to launch tailored, high-volume attacks. Defense teams must now adapt their detection models to spot the unique artifacts and errors that distinguish AI-driven threats from human operators.
The Shortlist
EclecticIQ expanded its AI Suite for threat intelligence with new productivity tools, including automated report summarization, content generation from templates, and in-platform translation.
Citizen Lab uncovered a coordinated, AI-driven disinformation campaign likely backed by Israel that used deepfakes and AI-generated content on X to push anti-government propaganda targeting Iranians.
Realm.Security raised $15 million in Series A funding to expand its AI-native Security Data Pipeline Platform, which aims to streamline SOC operations by filtering and structuring security data in real-time.
Guardia Civil dismantled the "GXC Team" cybercrime syndicate in Spain, arresting its leader for operating a crime-as-a-service platform that sold AI-powered phishing kits and Android malware.
AI Influence Level
Level 4 - Al Created, Human Basic Idea / The whole newsletter is generated via a n8n workflow based on publicly available RSS feeds. Human-in-the-loop to review the selected articles and subjects.
Reference: AI Influence Level from Daniel Miessler
Till next time!
Project Overwatch is a cutting-edge newsletter at the intersection of cybersecurity, AI, technology, and resilience, designed to navigate the complexities of our rapidly evolving digital landscape. It delivers insightful analysis and actionable intelligence, empowering you to stay ahead in a world where staying informed is not just an option, but a necessity.