Modelwire

Microsoft Hacked to Deliver Malware to Claude and Gemini Users


Microsoft's removal of 70+ GitHub repositories following a supply-chain compromise targeting AI coding agents exposes a critical vulnerability in the AI development pipeline. Attackers injected credential-stealing malware into repositories likely used by Claude and Gemini integrations, forcing Microsoft into emergency containment. The incident underscores how AI agent adoption has created new attack surfaces: as developers integrate LLMs into workflows and CI/CD systems, compromised dependencies can now harvest API keys and authentication tokens at scale. This marks a shift from traditional software supply-chain risks to ones specifically weaponized against AI infrastructure and user credentials.

Modelwire context

Analyst take

The buried detail here is directionality: this wasn't an attack on Microsoft's own AI products but on the open-source repositories developers use to wire Claude and Gemini into their own systems, meaning the blast radius runs through the entire third-party integration layer, not just one vendor's users.

The SkillHarm research from arXiv (covered June 1) formalized exactly this threat vector, mapping how third-party skills and dependencies can be weaponized across an agent's full lifecycle. That paper treated it as a theoretical benchmark; this GitHub incident is the production version. It also rhymes with the Meta AI account-takeover story from June 1, where the attack surface wasn't the model itself but the trust assumptions baked into how the model was deployed. Together, these three incidents sketch a pattern: the weakest points in AI infrastructure are the integration seams, not the models.

Watch whether Anthropic or Google issues explicit guidance on verifying GitHub dependencies for Claude and Gemini integrations within the next 30 days. If neither does, that signals the credential-theft risk is being treated as a Microsoft problem rather than a shared supply-chain responsibility, which would leave the integration layer exposed.

This analysis is generated by Modelwire’s editorial layer from our archive and the summary above. It is not a substitute for the original reporting.

Mentions: Microsoft · GitHub · Claude · Gemini · 404 Media


Modelwire Editorial

This synthesis and analysis was prepared by the Modelwire editorial team. We use advanced language models to read, ground, and connect the day’s most significant AI developments, providing original strategic context that helps practitioners and leaders stay ahead of the frontier.

Modelwire summarizes, we don’t republish. The full content lives on 404media.co. If you’re a publisher and want a different summarization policy for your work, see our takedown page.
