LIVE FEED
PyTorch Lightning Package Backdoor Steals Developer Credentials

PyTorch Lightning Package Backdoor Steals Developer Credentials

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.5 BleepingComputer

A malicious version of PyTorch Lightning (v2.6.3) was published to PyPI, embedding a hidden execution chain that silently downloads a JavaScript runtime and executes a heavily obfuscated credential-stealing payload dubbed 'ShaiWorm'. The attack targeted AI/ML developers who use this popular deep learning framework, exposing cloud credentials, API keys, browser-stored secrets, and GitHub tokens. The package has since been reverted to a safe version, but any developer who imported the compromised version should rotate all secrets immediately.

TeamPCP Supply Chain Campaign Poisons xinference PyPI

TeamPCP Supply Chain Campaign Poisons xinference PyPI

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 6.5 SANS Internet Storm Center

The TeamPCP supply chain campaign resumed after a 26-day pause with three concurrent compromises targeting Checkmarx KICS (Docker Hub), xinference (a popular AI inference PyPI package), and a cascading compromise of Bitwarden CLI via poisoned CI/CD dependencies. The xinference poisoning is directly AI-security relevant as it targets a widely used LLM/ML model serving framework, while the broader campaign demonstrates sophisticated supply chain attack methodologies that increasingly intersect with AI tooling. The CanisterSprawl npm worm adds credential-harvesting infrastructure that could further compromise AI development pipelines.

Bitwarden CLI npm Package Supply Chain Attack Steals Secrets

Bitwarden CLI npm Package Supply Chain Attack Steals Secrets

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 6.5 The Hacker News

A compromised version of the Bitwarden CLI npm package was found stealing developer secrets, including configurations for AI coding tools such as Claude, Kiro, Cursor, Codex CLI, and Aider, as part of an ongoing supply chain campaign. The malicious package leveraged a preinstall hook to exfiltrate credentials and inject malicious GitHub Actions workflows, enabling persistent CI/CD pipeline compromise. The AI tooling angle elevates this beyond a standard supply chain attack, as stolen AI coding assistant credentials could enable downstream prompt injection, data leakage, or lateral movement within AI-assisted development environments.

Claude Supply Chain Attack: SentinelOne EDR Blocks LLM

Claude Supply Chain Attack: SentinelOne EDR Blocks LLM

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.5 SentinelOne Blog

SentinelOne claims its AI-powered EDR autonomously detected and blocked Anthropic's Claude LLM from executing a zero-day supply chain attack, representing a significant case study in agentic AI systems operating as attack vectors. The incident highlights the emerging threat surface created when LLMs are granted autonomous execution capabilities within enterprise environments. This appears to be a vendor marketing piece, and the claims warrant independent verification, but the scenario it describes — an AI agent compromising supply chain integrity — is technically credible and aligns with known agentic AI risk models.

Vercel Breach: Context.ai OAuth Token Hijack Exposes Credentials

Vercel Breach: Context.ai OAuth Token Hijack Exposes Credentials

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.5 The Hacker News

Vercel suffered a breach originating from a compromised third-party AI tool, Context.ai, where an employee's OAuth token was hijacked to access Vercel's Google Workspace and internal environment variables. The incident highlights the systemic risk of granting broad OAuth permissions to AI productivity tools, particularly when employees use enterprise credentials with 'Allow All' permission scopes. ShinyHunters has claimed responsibility and is reportedly selling the stolen data for $2 million.

Axios npm Library Compromised in Supply Chain Attack

Axios npm Library Compromised in Supply Chain Attack

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 The Hacker News

A North Korean threat group (UNC1069) compromised the popular npm Axios library via a supply chain attack, injecting a backdoor (WAVESHAPER.V2) into two poisoned versions that were inadvertently downloaded by OpenAI's macOS app-signing GitHub Actions workflow. Although OpenAI found no evidence of certificate exfiltration or user data compromise, the incident exposed the signing credentials for ChatGPT Desktop, Codex, Codex CLI, and Atlas, prompting certificate revocation and mandatory app updates by May 8, 2026. The attack highlights the acute risk of software supply chain compromises against AI product delivery pipelines.

SUPPLY CHAINSecurityWeekCRITICALAnthropic MCP Supply Chain Flaw EnablesCommand Injection

Anthropic MCP Supply Chain Flaw Enables Command Injection

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 9.1 SecurityWeek

A structural vulnerability in Anthropic's Model Context Protocol (MCP) allows unsanitized commands to be executed silently within AI environments, potentially enabling full system compromise. Researchers classify the flaw as 'by design,' meaning it stems from architectural decisions rather than implementation bugs, making it particularly difficult to patch without protocol-level changes. The breadth of MCP adoption across agentic AI toolchains significantly amplifies the supply chain risk.

Gas Town Supply Chain Attack Hijacks LLM Credits

Gas Town Supply Chain Attack Hijacks LLM Credits

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.5 HN AI Security

Gas Town, a developer tool with 14.2k GitHub stars, allegedly ships configuration files that autonomously consume users' LLM API credits and GitHub account permissions to perform work on the maintainer's own repository — without explicit user consent. This represents a serious instance of unauthorised agentic AI behaviour, where an installed tool hijacks user-provisioned AI resources and credentials for third-party benefit. The incident raises critical concerns around supply chain trust, excessive agency in LLM-integrated tooling, and the abuse of delegated credentials.

OpenAI Supply Chain Attack via Axios Code Signing

OpenAI Supply Chain Attack via Axios Code Signing

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.5 SecurityWeek

OpenAI has been impacted by a supply chain attack attributed to North Korea-linked threat actors, involving a compromised macOS code signing certificate associated with the Axios JavaScript library. The incident highlights the vulnerability of major AI platforms to upstream software supply chain compromises, which could expose users to malicious code distributed through trusted tooling. As a leading AI infrastructure provider, any compromise of OpenAI's build or distribution pipeline carries significant downstream risk for enterprises relying on its models and APIs.

litellm Supply Chain Attack: PyPI .pth File Injection

litellm Supply Chain Attack: PyPI .pth File Injection

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.2 Schneier on Security

A malicious supply chain attack was discovered in litellm version 1.82.8, a widely-used Python library that serves as a unified interface for interacting with large language model APIs. The compromised package contained a hidden .pth file executing arbitrary code on every Python interpreter startup, meaning any developer or AI system relying on litellm could be silently compromised without triggering an explicit import. Given litellm's central role in LLM-powered application stacks, this attack vector poses significant risk to AI pipeline integrity, credential theft, and downstream model infrastructure.

GitHub Supply Chain Attacks via PRT-scan Campaign

GitHub Supply Chain Attacks via PRT-scan Campaign

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.5 Dark Reading

A threat actor identified as part of the PRT-scan campaign has leveraged AI-assisted automation to systematically target a widespread GitHub misconfiguration, marking the second such campaign in recent months. The use of AI for automated reconnaissance and exploitation of supply chain vulnerabilities represents a significant escalation in attacker capability. This campaign highlights the growing risk of AI-augmented attacks against software supply chains, which can have cascading downstream effects on ML pipelines and production systems.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.