GitHub Rushed to Fix a Critical Vulnerability in Less than Six Hours

Wiz Research leveraged artificial‑intelligence models to uncover a remote code execution flaw hidden deep within GitHub’s internal git binaries. The vulnerability, classified as critical, could have granted an attacker unrestricted access to both public and private repositories, potentially exposing millions of lines of proprietary code. While the exact AI algorithm remains undisclosed, the find marks one of the first instances where closed‑source software was compromised through machine‑learning‑driven analysis, signaling a shift in how security researchers locate high‑impact bugs.

GitHub’s security team moved swiftly. Within 40 minutes the bug bounty report was reproduced, and an engineering fix was rolled out to GitHub.com and Enterprise Server in just over an hour. A forensic sweep confirmed no evidence of exploitation, allowing the company to close the incident in under six hours from initial disclosure. The reward granted to the researcher ranks among the program’s highest, reinforcing the value GitHub places on proactive vulnerability hunting and the effectiveness of its coordinated disclosure process.

The episode highlights two emerging trends. First, AI‑augmented tooling is becoming a mainstream asset for uncovering flaws that traditional static analysis may miss, prompting vendors to invest in similar capabilities. Second, rapid incident response—demonstrated by GitHub’s sub‑six‑hour remediation—sets a new benchmark for cloud‑native platforms where downtime can erode developer confidence. As enterprises increasingly rely on hosted code repositories, the combination of AI‑driven discovery and agile patch deployment will be critical to maintaining security posture and market trust.