CrewAI GitHub Token Leak Exposes Source Code


Posted by @nhi-mgmt-group (topic starter)

Executive Summary

In September 2025, researchers from Noma Labs uncovered a significant security breach involving CrewAI’s platform. The incident was triggered by a critical flaw in the system’s exception handling, leading to the unintended exposure of an internal GitHub token with admin-level access. This vulnerability, known as “Uncrew,” was rated with a high severity score of 9.2 on the CVSS scale, highlighting the potential for full repository compromise, code theft, and a broader supply-chain risk. The exposed token allowed access to sensitive source code and proprietary information, affecting the integrity of CrewAI’s GitHub infrastructure. Immediate action was taken by CrewAI, who issued a security patch within hours to rectify the issue and secure the compromised credentials.

👉 Read the full breach analysis from NHI Mgmt Group here

Key Details

Breach Timeline

  • September 2025: The vulnerability was discovered during routine security research by Noma Labs.
  • Immediate patch released by CrewAI within hours of the breach disclosure.

Data Compromised

  • Admin-level GitHub access token exposed, enabling potential access to all repositories.
  • Sensitive source code and proprietary algorithms could be at risk of theft and exploitation.

Impact Assessment

  • The breach poses a severe threat to CrewAI’s intellectual property and operational security.
  • Potential downstream effects could impact clients and partners relying on CrewAI’s technology.

Company Response

  • CrewAI acted promptly to revoke the exposed token and implemented an immediate security patch.
  • Ongoing investigations are being conducted to assess the full scope of the breach.

Security Implications

  • The incident underscores the need for robust exception handling and security practices in software development.
  • Organizations are urged to regularly audit their token management to prevent similar breaches.

👉 If you want to learn more about how to secure NHIs including AI Agents, check our NHI Foundational Training Course.

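The exception-handling failure mode the post describes, reduced to a constructed illustration (an added example, not code from the post or from CrewAI): an error path that echoes the request headers, including a GitHub-style token, back to the caller inside the exception text, next to a handler that redacts credential shapes before the message leaves the process. The token value, the prefixes matched and the function names are assumptions for the demonstration.

```python
import re

# Constructed placeholder in GitHub's personal-access-token shape; not a real credential.
SAMPLE_TOKEN = "ghp_EXAMPLEexampleEXAMPLEexampleEXAMPLE1234"

# Credential shapes to scrub from any text that may reach a caller or a log.
# Assumed prefixes follow GitHub's published token formats (ghp_, gho_, ghu_, ghs_,
# ghr_, github_pat_); the third pattern catches bare Authorization headers.
SECRET_PATTERNS = [
    re.compile(r"\bgh[pousr]_[A-Za-z0-9]{20,}\b"),
    re.compile(r"\bgithub_pat_[A-Za-z0-9_]{20,}\b"),
    re.compile(r"(?i)(authorization:\s*(?:bearer|token)\s+)\S+"),
]


def redact(text: str) -> str:
    """Replace every matched secret with [REDACTED], keeping any captured prefix."""
    for pat in SECRET_PATTERNS:
        text = pat.sub(lambda m: (m.group(1) if m.lastindex else "") + "[REDACTED]", text)
    return text


class UpstreamError(Exception):
    pass


def call_github_api(token: str) -> None:
    # Simulated failing HTTP call whose exception message includes the request
    # headers, the kind of detail client libraries often put in their error text.
    headers = {"Authorization": f"token {token}"}
    raise UpstreamError(f"request failed: 401 Unauthorized, headers={headers}")


def handle_unsafe(token: str) -> str:
    # Vulnerable pattern: the raw exception text is returned to the caller,
    # so whatever the library embedded in it (here, the token) leaks with it.
    try:
        call_github_api(token)
    except Exception as exc:
        return f"error: {exc}"
    return "ok"


def handle_safe(token: str) -> str:
    # Hardened pattern: exception text is scrubbed before it is surfaced.
    try:
        call_github_api(token)
    except Exception as exc:
        return "error: " + redact(str(exc))
    return "ok"
```

The same `redact` function belongs in front of any logging handler or error response that could carry library-generated text, since the weak point is the message content, not the `except` block itself.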