Breach Overview

Microsoft has taken the extraordinary step of disabling more than 70 of its own GitHub repositories after cybersecurity researchers discovered that hackers had planted malware designed to steal credentials from users of AI coding agents. The repositories included those related to Azure and various AI coding tools, signaling a sophisticated supply-chain attack targeting developers who rely on AI-assisted coding platforms.

Malware Targets AI Coding Tools

According to researchers who identified the breach, the malware was specifically crafted to harvest credentials when unsuspecting users opened compromised packages within AI coding environments such as Claude Code and Gemini CLI. These tools, developed by Anthropic and Google respectively, are increasingly used by developers to automate code generation and review. By embedding malicious code into Microsoft's own repositories, the attackers aimed to compromise a wide swath of the developer ecosystem.

Image description
More in AI & Robotics

Microsoft Research's Lens: Detailed Captions Beat Raw Scale for Efficient Image Generation

Microsoft Research unveils Lens, a 3.8B parameter text-to-image model that matches 80B rivals using one-fifth the compute, thanks to 800M detailed captions and smart architecture.

Read article

Microsoft's Response

In a statement to 404 Media, Microsoft confirmed that it had shut down the affected repositories as part of an ongoing investigation. The company did not disclose the exact number of repositories impacted, but researchers have counted more than 70 disabled repositories. Microsoft also pointed to a particular package that had been previously compromised, though details remain scarce. The company urged users to review their own security practices and to be cautious when integrating third-party packages into AI coding workflows.

Implications for AI Security

This incident highlights a growing vulnerability in the software supply chain as AI coding agents become more prevalent. Unlike traditional malware that targets end-users, this attack specifically targeted the credentials used to authenticate with AI services, potentially giving attackers access to proprietary code and sensitive projects. Security experts warn that as AI tools become more integrated into development pipelines, they also become attractive targets for cybercriminals.

Apple's AI Siri Update Is Finally Here
More in AI & Robotics

Apple Unveils Siri AI with Gemini Integration at WWDC 2026

After years of anticipation, Apple finally launches Siri AI at WWDC 2026, powered by Google's Gemini for agentic capabilities across apps and devices.

Read article

What Developers Should Do

In the wake of this breach, developers are advised to rotate any credentials that may have been exposed, enable multi-factor authentication on their GitHub and AI tool accounts, and carefully audit any packages they have recently installed from Microsoft's repositories. Additionally, organizations should review their use of AI coding agents and consider implementing stricter access controls and monitoring for unusual activity.

Conclusion

The shutdown of over 70 Microsoft GitHub repositories represents one of the most significant supply-chain attacks targeting AI coding tools to date. As the investigation continues, the incident serves as a stark reminder that the convenience of AI-assisted development comes with new security risks that must be proactively managed.

This article is based on reporting by 404 Media. Read the original article.

A photo illustration of Microsoft AI CEO Mustafa Suleyman.
More in AI & Robotics

Microsoft AI CEO Mustafa Suleyman Predicts Superintelligence Is Near, But Says It Won't Replace Human Jobs

In a wide-ranging podcast interview, Microsoft AI CEO Mustafa Suleyman discusses the imminent arrival of superintelligence, his criticism of Anthropic's anthropomorphism, and why he believes AI will augment rather than

Read article

Originally published on 404media.co