What Happened
In June 2026, a sophisticated supply chain attack labeled the Miasma Worm hit Microsoft hard — 73 GitHub repositories were compromised, and GitHub took the unusual step of taking them offline proactively. The attack wasn't aimed at random developers. It was precision-targeted at AI coding agents.
Attackers injected credential-stealing code into packages that AI coding tools like GitHub Copilot, Cursor, and similar agents pull from GitHub during normal operation. When these agents executed the poisoned code, developer tokens, API keys, and cloud credentials were silently exfiltrated.
Why AI Coding Agents Were the Target
Traditional supply chain attacks target human developers — a malicious npm install or pip install hoping a developer won't notice. Miasma took a different approach. AI coding agents execute code more automatically and with less human scrutiny. They also have broader access to repositories, secrets, and cloud environments.
In short: AI agents have more surface area, and that surface was exploited.
Key Facts
- 73 repositories disabled by GitHub/Microsoft
- Azure Functions GitHub Action was among the compromised tools
- The attack kit went open source after the initial breach, lowering the barrier for copycat attacks
- Both personal access tokens (PATs) and cloud credentials were reportedly stolen
- Microsoft's own internal repositories were also affected
What Builders Need to Do Right Now
1. Rotate Your Credentials
If you've used GitHub Copilot, Cursor, or any AI coding agent that accessed Microsoft-owned repositories in the past 60 days, rotate your GitHub personal access tokens and any associated cloud API keys. Assume compromise.2. Audit GitHub Actions Workflows
Review any GitHub Actions workflows in your repositories that interact with AI coding tools. Check for:- Unknown or new steps added to CI/CD pipelines
- Outgoing network calls to unfamiliar destinations
- Unauthorized secret access
3. Use Environment Isolation
Run AI coding agents in sandboxed environments with minimal privilege. Avoid giving agents access to production environments or long-lived credentials.4. Monitor for Anomalous GitHub Activity
Enable GitHub's audit log monitoring and set alerts for:- New OAuth app authorizations
- Unfamiliar repository access patterns
- Credential export events
The Bigger Picture
This attack exposes a fundamental tension in the AI coding era: agents need broad access to be useful, but broad access creates catastrophic failure modes when compromised. The Miasma Worm shows that attackers are already adapting their playbooks to target AI tooling specifically.
Security frameworks designed for human-only development pipelines need urgent updates. The industry will need to rethink how AI agents authenticate, what resources they can access, and how we audit their actions.
Stay Vigilant
This story is still developing. Follow the Miasma Worm coverage on The Hacker News and StepSecurity's detailed analysis for ongoing updates.
*This article will be updated as more details emerge.*