
Hackers Poison Microsoft’s Code to Hijack Artificial Intelligence Developer Passwords
Microsoft just slammed the brakes on dozens of its own open source projects hosted on GitHub. The tech giant rushed to lock down these repositories after discovering that clever hackers managed to break into the accounts, injecting nasty password-stealing malware directly into the source code.
A massive portion of the compromised code connects directly to Microsoft’s cloud ecosystem, Azure. The breach also hit critical developer tools that engineers use daily to build modern artificial intelligence applications. Compromised software packages included popular developer assets like Claude Code, Gemini’s command line interface, and VS Code extensions.
Security firm Cloudsmith, alongside the malware tracking community site OpenSourceMalware, first spotted the malicious changes. They found that the hidden code quietly harvested user passwords and highly sensitive cloud credentials. The moment an engineer opened a compromised tool inside their AI coding environment, the malware sprang to life, stealing their access keys.
We do not know exactly how many software engineers accidentally downloaded the poisoned tools before Microsoft acted. However, Microsoft confirmed it pulled the dirty repositories down immediately to stop the bleeding. Company spokesperson Ben Hope stated that the security team temporarily removed a group of repositories while they investigated the potential malicious content. While the internal team restored a handful of safe repositories after a thorough review, several other projects remain entirely offline while the security engineering work continues.
As part of the cleanup process, Microsoft started reaching out directly to a small group of customers who likely downloaded the infected files. The company plans to keep monitoring the situation and will reach out through established support channels if it finds more compromised accounts. Microsoft declined to share the exact number of developers hit by the breach when asked for details. Online records show that GitHub staff disabled at least 70 distinct Microsoft-owned projects for violating the platform’s terms of service. Anyone trying to load those project pages now sees a stark warning message instead of code.
This incident fits into a scary, growing trend of supply chain attacks targeting open source ecosystems. Instead of attacking a well-defended corporate network directly, hackers infect a trusted piece of software that thousands of companies rely on. When developers download the update, they willingly hand over the keys to their entire network. This specific strategy is incredibly dangerous because AI developers often possess massive privileges, giving hackers a back door into sprawling cloud networks and mountains of sensitive customer data.
While independent developers deal with these targeted code injections all the time, it is incredibly rare to see a massive tech titan like Microsoft get caught flat-footed. This marks the second time in just a few weeks that hackers successfully poisoned Microsoft’s public code repositories. In mid-May, security researchers discovered that hackers compromised Microsoft’s open source project called Durable Task, a popular tool used to build web applications. Security analysts fear that this latest incident is actually a re-compromise of that same project. This implies that Microsoft failed to fully kick the hackers out during its first cleanup attempt, or that it is dealing with an entirely new, deeply embedded security vulnerability.







