GitHub rushed to fix a critical vulnerability in less than six hours | The Verge
A critical remote code execution vulnerability was discovered using an AI model and patched within hours.
by Tom Warren
Apr 29, 2026, 10:04 AM UTC

Image: Alex Castro / The Verge

Tom Warren is a senior correspondent and author of Notepad, who has been covering all things Microsoft, PC, and tech for over 20 years.

GitHub employees fixed a critical remote code execution vulnerability in less than six hours last month. Wiz Research used AI models to uncover a vulnerability in GitHub’s internal git infrastructure that could have allowed attackers to access millions of public and private code repositories.

“Our security team immediately began validating the bug bounty report. Within 40 minutes, we had reproduced the vulnerability internally and confirmed the severity,” explains Alexis Wales, GitHub chief information security officer. “This was a critical issue that required immediate action.”

GitHub’s engineering team developed a fix and deployed it just over an hour after identifying the root cause, protecting both GitHub.com and GitHub Enterprise Server. “In less than two hours we had validated the finding, deployed a fix to github.com, and begun a forensic investigation that concluded there was no exploitation,” says Wales. This meant the issue was fixed within six hours of the report from ...