Microsoft has shut down more than 70 of its own GitHub repositories—including those tied to Azure and AI coding agents—while investigating a breach that planted malware designed to steal credentials when victims opened compromised packages in tools like Claude Code or Gemini CLI, according to cybersecurity researchers and a statement the company provided to 404 Media.

The Attack Vector

The scheme targeted developers who rely on Microsoft's official code libraries for their AI-assisted workflows. When users installed or accessed these poisoned packages through popular AI coding assistants—specifically Anthropic's Claude Code and Google's Gemini CLI—the malware activated silently in the background, harvesting credentials and transmitting them back to the attackers. It's a textbook supply chain attack that exploits the trust developers place in Microsoft-branded repositories.

Scope of the Breach

Researchers tracking the incident say the compromised packages were distributed through Microsoft's own infrastructure, making them appear legitimate to automated security scanning tools. The company has not released full details about which specific repositories were affected or how long the malicious code was active before detection. However, the targeting of AI coding assistants—relatively new additions to many developers' toolkits—suggests the attackers were specifically hunting for fresh attack surfaces with potentially weaker defenses.

What Remains Unclear

The precise timeline and full extent of the breach remain murky as Microsoft continues its investigation. The company has not confirmed whether any user credentials were successfully exfiltrated en masse, nor has it disclosed which specific package researchers identified as the initial compromise point. Security teams are advising developers who have recently pulled code from Microsoft's GitHub to audit their environments immediately and rotate any potentially exposed credentials.

Key Takeaways

  • Attackers compromised Microsoft's own repositories to distribute malware through trusted channels
  • The malware specifically targeted Claude Code and Gemini CLI users, exploiting AI coding tool adoption
  • Microsoft has disabled 70+ repositories but hasn't disclosed full scope or timeline of the breach
  • Developers should audit recent installs from Microsoft GitHub and rotate credentials as a precaution

The Bottom Line

This is exactly the kind of supply chain nightmare that gives DevOps teams nightmares—but with an AI twist. As developers increasingly delegate routine tasks to coding assistants, they're also inheriting whatever garbage those tools pull down from compromised sources. Microsoft's going to need more than 70 disabled repos to rebuild trust here; this breach directly undermines the 'safe defaults' narrative that cloud vendors have been pushing since day one.