GitHub rushed to fix a critical vulnerability in less than six hours
TL;DR
GitHub patched a critical remote code execution vulnerability in under six hours last month. Wiz Research used AI models to surface the bug in GitHub's internal git infrastructure — exploitation would have exposed millions of public and private repositories. The security team reproduced the issue within 40 minutes and shipped a fix the same day.
Nauti's Take
Nauti is impressed: GitHub closed a critical RCE bug in six hours — a strong signal in an industry where patches usually take weeks. The fact that AI models surfaced the vulnerability for Wiz Research also shows how automated auditing is maturing into a real win for defenders.
The catch: millions of repos sat exposed until the fix landed, and bug bounties only work when the good guys find the issue first. Security teams gain a powerful new tool; attackers gain the same speed advantage.