News

A remote prompt injection flaw in GitLab Duo allowed attackers to steal private source code and inject malicious HTML. GitLab ...
Researchers from security firm Legit on Thursday demonstrated an attack that induced Duo into inserting malicious code into a ...
Indirect prompt injection in GitLab Duo exposed private source code and inserted malicious HTML into AI responses, risking ...
Hackers can exploit vulnerabilities in a generative artificial intelligence assistant integrated across GitLab's DevSecOps platform to manipulate the model's ...
Developer platform GitLab today announced a new AI-driven security feature that uses a large language model to explain potential vulnerabilities to developers, with plans to expand this to ...
Researchers managed to trick GitLab’s AI-powered coding assistant into displaying malicious content to users and leaking private ...
The release is for versions 17.3.2, 17.2.5, and 17.1.7 for both GitLab Community Edition (CE) and Enterprise Edition (EE), and patches a total of 18 security issues as part of the bi-monthly ...
GitLab releases patch for nine flaws, including two critical severity ones. The critical flaws allowed threat actors to bypass ...
GitLab 18 includes Duo’s AI-powered Code Suggestions for code completion and code generation, and AI-powered Chat.
The breaking changes in GitLab 18.0 that are classified as high impact focus on security. They affect the CI/CD job tokens introduced with GitLab 14.4 and the dependency proxy.