Wiz researchers discovered a high-severity vulnerability (CVE-2026-3854) in GitHub's git infrastructure that allowed remote attackers full read/write access to private repositories using a single command. By leveraging AI-augmented tools for automated reverse engineering, they rapidly identified the flaw, leading to GitHub issuing fixes within six hours and awarding Wiz one of the largest payouts in its bug bounty history.
https://www.theregister.com/2026/04/29/github_woah_a_genuinely_helpful/

