The Attack That Shook the AI Developer Ecosystem
Microsoft has shut down dozens of GitHub repositories for Azure and AI coding tools after a supply chain attack injected password-stealing malware into open source projects. The breach specifically targeted tools used by developers working with AI coding assistants — including Claude Code, Gemini CLI, and VS Code extensions.
What Happened
According to security firm Cloudsmith and community-driven malware analysis site OpenSourceMalware, hackers breached Microsoft's open source repositories and injected malicious code into tools that developers download and run daily. When opened inside AI coding apps, the malware silently harvested passwords and other sensitive credentials stored on developers' machines.
Microsoft confirmed it pulled the affected repositories after being contacted by 404 Media. A company spokesperson said Microsoft "temporarily removed some repositories" while investigating the breach.
Which Tools Were Affected
The attack targeted a range of Microsoft open source projects, many of which integrate directly with popular AI coding environments:
- Azure-related CLI tools used for cloud deployment and management
- AI coding assistant integrations for Claude Code, Gemini CLI, and VS Code
- Developer utility packages hosted on GitHub and package registries
How the Attack Worked
The technique is a classic supply chain attack — compromise the build or distribution pipeline rather than targeting individual users. In this case, attackers injected malicious code into open source packages that were then downloaded by developers worldwide.
Once installed, the malware operated as a credential harvester. When developers authenticated in their AI coding apps, the malware captured tokens, API keys, and passwords — essentially granting attackers access to everything the developer could access.
What Developers Should Do Right Now
If you've used Microsoft open source tools in your AI coding workflow, assume credentials may be compromised:
The Bigger Picture: Open Source Security Is a Shared Responsibility
This incident highlights a growing problem in the AI developer ecosystem. As more developers rely on open source tooling to power their AI coding assistants, the attack surface expands significantly. A single compromised package can compromise thousands of developer environments simultaneously.
The open source model has always relied on trust — trust that maintainers review code, that package registries verify uploads, and that users audit their dependencies. This attack exploited all three at once.
For technical founders and builders, the lesson is clear: your supply chain is your attack surface. Invest in dependency scanning, lock your package versions, and treat open source tooling with the same security rigor you'd apply to production infrastructure.
The security community is still piecing together the full impact. Microsoft's investigation is ongoing, and affected repositories are expected to return once security reviews are complete. Monitor Microsoft's official channels for updates and remediation steps.