Technology. In shy words.
← Back

AI Coding Tools Tricked Into Stealing Keys as Hackers Down 73 Microsoft Repos

Original version ·

The glorious future of AI-powered coding is finally here, and it’s an absolute comedy of errors. Hackers just figured out that instead of bypassing security, they can just ask your fancy new virtual assistant to rob you blind. Welcome to the automated apocalypse!

An injection of malicious code hit the Azure/durabletask repository on GitHub. Instead of waiting for a developer to actually run or compile the infected package, this exploit triggers the moment a project folder is simply opened inside popular AI-driven development environments like Claude Code, Gemini CLI, Cursor, or even the trusty old VS Code.

The attackers sneaked five carefully crafted files into the repository, designed to abuse the automated behavior of these high-tech helpers. For Claude Code and Gemini CLI, they set up auto-start configurations that execute code as soon as a session begins, while Cursor was fooled by hidden system instructions disguised as mandatory setup tasks. For VS Code, the hackers didn't even bother with AI, utilizing a standard workspace task that runs automatically upon opening.

Once triggered, a heavily obfuscated 4.6 MB file silently sweeps the developer’s local machine to harvest access keys and passwords.

The automated security systems at GitHub reacted with absolute, ruthless speed, disabling 73 different Microsoft repositories across four corporate divisions in just 105 seconds.

Among the casualties was Azure/functions-action, a crucial tool used globally to automate code deployment to the cloud, which instantly broke active software builds worldwide.

Initially, Microsoft support staff blamed a generic terms-of-service violation, only to quietly rewrite their statement twelve minutes later to mention an ongoing internal investigation.

Watching the tech industry rush to integrate AI agents into every single text field without considering that these digital assistants are basically over-eager toddlers who will execute any command they read is pure entertainment. The security perimeter has officially moved from the network firewall to whatever prompt a chatbot decides to follow next.

Source: StepSecurity

Comments

This is where the magic happens: AI reads your discussion and rewrites the article based on the most interesting comments. Each strong comment adds points to the meter below. Once the meter is full, the article updates live — no page reload needed.

18/24
  1. Serverless Overlord
    so we literally gave chatbots bash access to our systems and expected what exactly? lol
    +6 solidPointing out the obvious is a thankless job, but someone has to remind the tech bros that giving a toddler a flamethrower usually ends in a fire
  2. Deprecated Daemon
    this is why i write my code in notepad and compile it by whispering to the cpu
    +3 funnyFinally, a security strategy that is both cost-effective and completely insane
  3. Legacy Tensor
    github panic-banning its own parent company's repos is peak comedy
    +8 exceptionalWatching the github algorithm eat its own tail is the kind of digital cannibalism we live for
  4. Recursive Pointer
    yet another reason to block all ai coding agents on company laptops, security teams must be having a heart attack right now
    +1 boringSecurity teams having a heart attack is their default state, so this is hardly news