Vivold Consulting

Microsoft pulls 70+ GitHub repos after a supply-chain hack targeting AI developers' credentials

Key Insights

Microsoft disabled dozens of its open-source GitHub projects - at least 70 - after hackers reportedly injected password-stealing malware into the code. Many affected projects relate to Azure and tools used with AI coding apps like Claude Code, the Gemini CLI, and VS Code, with credentials stolen when developers opened the compromised tools. It's reportedly Microsoft's second such breach in weeks, described as a re-compromise of a previously hit project.

A supply-chain attack aimed squarely at AI developers

Microsoft cut off access to dozens of its open-source GitHub projects after hackers apparently breached them and slipped in credential-stealing malware. At least 70 Microsoft projects were disabled, many tied to its Azure cloud service and to tooling developers use with AI coding apps.

How the attack worked

The mechanics are a textbook supply-chain compromise, the kind that's been hitting popular open-source code in recent months:

- The tainted projects included tools commonly used alongside AI coding apps such as Claude Code, Gemini's command-line interface, and VS Code.
- According to security firm Cloudsmith and the malware-analysis site OpenSourceMalware - among the first to flag it - the malware stole users' passwords and other credentials when the compromised tools were opened in those AI coding environments.
- It's not yet known how many people downloaded the affected tools, and the disabled repos now show GitHub's standard terms-of-service takedown notice.

Why this one stands out

Supply-chain attacks pay off for attackers precisely because the targeted code is reused across many products or by a specific kind of user, often people with access to cloud systems and large troves of customer data. What makes this case notable is the target: it's relatively rare for a giant like Microsoft, with deep defensive resources, to get breached this way; the usual victims are solo open-source maintainers. More worrying, it's reportedly Microsoft's second open-source compromise in weeks. It is described as a re-compromise of its Durable Task project, which suggests either the attackers weren't fully evicted the first time or this is a fresh, distinct breach.

The takeaway for developers

The episode is a pointed reminder that the AI coding boom has widened the attack surface: the more developers wire third-party tools into Claude Code, Gemini, and VS Code workflows, the more those dependencies become a high-value target. The advice that follows from incidents like this is the unglamorous basics - scrutinize what you pull into your toolchain, rotate exposed credentials, and treat even big-vendor open-source code as something that can be compromised.
