GitHub engineers patched a critical remote code execution vulnerability in under six hours after it was discovered through the use of artificial intelligence models. The flaw, found in GitHub's internal git infrastructure, could have allowed attackers to access millions of public and private code repositories.
Security researchers from Wiz identified the vulnerability using AI models and reported it via GitHub's bug bounty program. Within 40 minutes, GitHub's security team reproduced the issue and began work on a fix. The patch was fully deployed in less than six hours, preventing potential exploits.
The vulnerability, tracked as CVE-2026-3854, underscores the increasing role of AI in cybersecurity—both for finding flaws and for defending systems. GitHub has not disclosed details of the exploit to give users time to update, but confirmed that no evidence of malicious exploitation has been found.
This rapid response highlights the importance of coordinated vulnerability disclosure and the value of AI-assisted security research in protecting critical infrastructure.