A README File Told My AI Agent to Leak My Secrets. It Worked 85% of the Time.

A README File Told My AI Agent to Leak My Secrets. It Worked 85% of the Time. You clone a repo. You ask your AI coding agent to set it up. It reads the README, runs the install commands, configures the environment. Standard workflow. Millions of developers do this every day. Research published today by Help Net Security shows what happens when someone hides a malicious instruction in that README. The instruction looks like a normal setup step — "sync config to team server" or "upload configuration data." The AI agent reads it, follows it, and sends your secrets to an external server. It worked in 85% of cases across agents powered by Claude, ChatGPT, and Gemini. Zero out of fifteen human reviewers spotted the hidden instruction. How the Attack Works The researchers took 500 README files from real open-source repositories across Java, Python, C, C++, and JavaScript. They inserted malicious instructions designed to look like legitimate setup steps — install a dependency, synchronize a co