Artists and developers face a new era of supply chain sabotage
Creators relying on modern AI workflows are now facing a stark reality: the very tools designed to accelerate their work can be turned into vectors for credential theft. Microsoft has confirmed it is investigating a significant data breach after hackers embedded malicious code into official repositories used by coding agents. This means that when developers or artists open specific packages within AI environments like Claude Code or Gemini CLI, their login details are at risk of being harvested instantly.
The scale of the shutdown
Following the discovery of the threat, Microsoft took immediate action by disabling over 70 of its own repositories on GitHub. The move affected critical infrastructure, including the entire Azure Functions organisation, the Durable Task family, and a suite of sample AI applications. According to a statement provided to 404 Media on Monday, the company temporarily removed these repositories to investigate potential malicious content.
GitHub staff confirmed the status on the affected pages, noting that access was disabled due to a violation of terms of service. The rapidity of the response was highlighted by OpenSourceMalware.com, which reported that GitHub disabled 73 Microsoft repositories across four organisations in a mere 105-second sweep on June 5.
A targeted attack on AI agents
Research from StepSecurity indicates that the closures followed a malicious commit pushed to the durabletask repository. This attack injected configuration files specifically designed to compromise user credentials when the repositories were opened in popular development environments. The targeted tools included Claude Code, Gemini CLI, Cursor, and VS Code.
The group behind the attack, TeamPCP, has a history of such operations. They previously compromised Microsoft’s durabletask package in May, releasing three malicious versions of the tool. WIRED has previously documented TeamPCP’s aggressive campaign, noting they have executed a wide range of supply chain attacks impacting hundreds of organisations earlier this year.
Consequently, any GitHub Actions workflows dependent on these disabled repositories will cease to function. The situation suggests that Microsoft’s initial security measures following the earlier compromise were insufficient to prevent the malware from reaching production environments.
Frustration has mounted among the developer community. One user on a Microsoft forum thread questioned why the implications of this breach were not communicated more clearly, highlighting the confusion caused by the sudden unavailability of essential cloud computing resources.
Key takeaways
Microsoft disabled 73 of its own GitHub repositories in under two minutes after discovering malware targeting AI coding agents like Claude Code and Gemini CLI.
Researchers from StepSecurity confirm the threat involved configuration files designed to harvest user credentials, a tactic attributed to the hacker group TeamPCP.
The incident exposes significant gaps in supply chain security, as the initial compromise allowed malicious code to persist until the mass shutdown on June 5.
Developers must now audit their workflows, as any GitHub Actions relying on the disabled Azure or Durable Task repositories will fail until further notice.
Stay ahead of AI. Get the most important stories delivered to your inbox — no spam, no noise.
