Hackers breach Microsoft’s open source projects to steal AI developers’ passwords

Microsoft has cut off access to dozens of its open source projects hosted on GitHub after hackers breached the repositories and injected password-stealing malware into the code. The attack specifically targeted tools used by AI developers, including projects related to Microsoft’s Azure cloud service and development environments like VS Code.

The breach highlights a growing threat to the software supply chain, where attackers compromise widely used open source projects to reach large numbers of users. Because AI developers often have access to sensitive cloud systems and customer data, such attacks pose particularly serious risks to both the developers themselves and the companies they work for.

Security firm Cloudsmith and community-driven malware analysis site OpenSourceMalware were among the first to identify the compromise. According to TechCrunch, the malware was designed to steal users’ passwords and other sensitive credentials when developers opened the compromised tools in their AI coding applications.

The affected projects included tools for popular AI development platforms such as Claude Code, Gemini’s command line interface, and VS Code extensions. Microsoft has not disclosed how many people downloaded the compromised tools before the breach was discovered.

Microsoft spokesperson Ben Hope confirmed the company “temporarily removed some repositories as we investigated potential malicious content.” He added that while some repositories have been restored after review, others remain offline as the investigation continues.

At least 70 Microsoft projects show as “disabled” on GitHub, displaying a message that “Access to this repository has been disabled by GitHub Staff due to a violation of GitHub’s terms of service.” Microsoft owns GitHub, the popular code-hosting platform where the compromised projects were hosted.

The company has notified affected customers who may have downloaded content from the compromised repositories. However, when asked, Microsoft declined to provide specific numbers about how many users were impacted.

This represents the second known breach of Microsoft’s open source projects in recent weeks. In mid-May, security researchers identified a hack of Microsoft’s Durable Task project, a tool for building applications. OpenSourceMalware suggests the latest incident may be a “re-compromise” of the same project, indicating Microsoft may not have fully removed the attackers initially.

Supply chain attacks on open source projects have become increasingly common as hackers recognize the potential to reach large numbers of users through widely adopted code libraries and tools. While individual open source developers are frequently targeted, breaches of major technology companies like Microsoft are less common given their security resources.

The targeting of AI development tools is particularly concerning as artificial intelligence development accelerates across industries. Developers working on AI projects often have elevated access to cloud infrastructure, training data, and production systems, making them high-value targets for cybercriminals and state-sponsored hackers alike.