Microsoft's open source tools were hacked to steal passwords of AI developers
techcrunch.com
June 9, 2026
3 min read
🔥🔥🔥🔥🔥
59/100
Summary
Microsoft is investigating a breach of its open source projects on GitHub, where hackers injected password-stealing malware into the code. Access to dozens of affected projects, including those related to Azure and AI development tools, has been cut off.
Key Takeaways
- Microsoft has disabled access to at least 70 of its open source projects on GitHub due to a breach that injected password-stealing malware into the code.
- The malware allowed hackers to steal users' passwords and sensitive credentials when the compromised tools were used in AI coding applications.
- This incident marks Microsoft's second known breach of its open source projects in recent weeks, following a previous compromise of the Durable Task project.
- Microsoft is investigating the breach and has temporarily removed some repositories while notifying affected customers.
Community Sentiment
Positives
- The discussion highlights the importance of using fine-grained access tokens for AI agents, which could enhance security and reduce risks associated with token misuse.
- Sandboxing development environments is emphasized as a crucial practice to limit the impact of potential attacks on AI developers.
Concerns
- The repeated security breaches at Microsoft raise serious concerns about their ability to protect sensitive information, especially in the context of AI development.
- There is a growing fear that the current RBAC models are inadequate for managing access in environments where AI tools are widely used, increasing the risk of supply chain attacks.
