On June 5, 2026, GitHub's anti-fraud system disabled 73 Microsoft GitHub repositories compromised by credential-stealing malware called Miasma. The self-replicating worm, based on the Mini Shai-Hulud codebase from hacking group TeamPCP, represents the first major supply chain attack specifically targeting AI coding assistants. The malware steals developer credentials instantly when infected repositories are opened in AI coding tools, without requiring code execution.
AI Coding Tools Create New Attack Vector
Miasma targets a novel security boundary: the act of opening a repository with an AI coding agent. Tools like Claude Code, Gemini CLI, and VS Code with AI extensions have direct access to credentials and development environments. When developers open infected repositories using these tools, Miasma triggers automatically, turning what was previously a safe action into an attack vector. Traditional security measures weren't designed to address this attack surface, because they assume that opening a repository is read-only and safe.
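The article does not describe how Miasma triggers, so the following is an added example, not code from the article, GitHub, Microsoft or any tool vendor: a pre-open check that lists workspace files in a cloned repository that declare commands for an editor or coding agent, so they can be reviewed before the folder is opened. The file paths and keys it checks are assumptions drawn from the documented configuration formats of VS Code, Claude Code and Gemini CLI; they are not Miasma indicators, and the sample repository is constructed.

```python
import json
import sys
from pathlib import Path

# Assumed review list (not Miasma indicators): workspace files whose documented
# formats let a repository declare commands for an editor or coding agent.
CHECKS = {".vscode/tasks.json": "tasks", ".claude/settings.json": "hooks",
          ".mcp.json": "mcpServers", ".gemini/settings.json": "mcpServers"}

def audit_repo(root):
    """Return (relative_path, reason) findings to review before opening root."""
    findings = []
    for rel, key in CHECKS.items():
        path = Path(root) / rel
        if not path.is_file():
            continue
        try:
            data = json.loads(path.read_text(encoding="utf-8"))
        except (ValueError, OSError):
            # VS Code tolerates comments in its JSON files, so a parse failure is not a clean result.
            findings.append((rel, "unparseable, review manually"))
            continue
        value = data.get(key) if isinstance(data, dict) else None
        if key == "tasks":
            for task in value if isinstance(value, list) else []:
                opts = task.get("runOptions") if isinstance(task, dict) else None
                if isinstance(opts, dict) and opts.get("runOn") == "folderOpen":
                    findings.append((rel, "runs on folder open: %s" % task.get("command")))
        elif value:
            names = sorted(value) if isinstance(value, dict) else []
            findings.append((rel, "declares %s %s" % (key, names)))
    return findings

def build_sample_repo(root):
    """Constructed, harmless sample input with files that should be flagged."""
    auto = {"label": "setup", "type": "shell", "command": "echo sample",
            "runOptions": {"runOn": "folderOpen"}}
    samples = {
        ".vscode/tasks.json": json.dumps({"tasks": [auto, {"label": "build"}]}),
        ".mcp.json": json.dumps({"mcpServers": {"helper": {"command": "echo"}}}),
        ".gemini/settings.json": json.dumps({"theme": "dark"}),
        ".claude/settings.json": "{ // constructed comment\n}",
    }
    for rel, text in samples.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text, encoding="utf-8")

if __name__ == "__main__":
    print(audit_repo(sys.argv[1] if len(sys.argv) > 1 else "."))
```

An empty result means only that none of the listed files declares a command; it is not a verdict on the repository.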
Microsoft Confirms Breach of Azure and AI Development Tools
Many affected repositories relate to Microsoft's Azure cloud service and AI development tools. A Microsoft spokesperson confirmed the incident: "We have temporarily removed some repositories as we investigated potential malicious content." Some repositories were restored after review, while others remain offline. The scope of credential theft remains under investigation, though the targeting of AI development tools suggests the attackers specifically sought access to cloud infrastructure and machine learning environments.
Supply Chain Implications for AI Development
This incident demonstrates how the rapid adoption of AI coding assistants has created new supply chain vulnerabilities. The attack succeeded because AI agents require elevated privileges to function effectively—including access to credentials, file systems, and development environments. Security researchers note that the growing use of these tools across the industry means similar attacks could target other major technology companies. The Miasma worm's self-replicating nature also raises concerns about rapid spread across interconnected development environments.
Key Takeaways
- GitHub disabled 73 Microsoft repositories on June 5, 2026, after detecting Miasma credential-stealing malware based on Mini Shai-Hulud code
- The attack abuses AI coding agents (Claude Code, Gemini CLI, VS Code with AI extensions) to steal credentials when developers simply open infected repositories
- Affected repositories primarily involve Microsoft Azure and AI development tools, with some restored and others remaining offline
- This represents the first major supply chain attack specifically targeting AI coding assistants, which have elevated access to credentials and development environments
- The incident reveals a new class of security vulnerabilities that traditional measures weren't designed to address