Microsoft has shut down more than 70 of its own repositories on GitHub—including those tied to Azure and AI coding agents—while investigating a data breach that planted credential-harvesting malware directly into developer workflows, the company confirmed in a statement to 404 Media. Cybersecurity researchers tracking the incident say the attack was specifically designed to compromise developers who use AI-assisted coding tools like Anthropic's Claude Code and Google's Gemini CLI.

The Scope of the Breach

The exact contours of how attackers gained access remain unclear, but researchers have pointed to a particular package that was previously compromised before being used as the delivery mechanism. Microsoft has not yet disclosed how long the malicious packages remained active or how many developers may have been affected by the credential theft. The company confirmed it is actively investigating and working with GitHub to remediate the issue across its internal repository infrastructure.

How the Attack Targeted AI Coding Tool Users

Unlike typical supply chain attacks that rely on developers manually installing malicious packages, this breach appears designed to exploit the automated dependency resolution built into modern AI coding assistants. When Claude Code or Gemini CLI users opened compromised Microsoft repositories, the malware would execute and harvest authentication credentials stored in environment variables and local credential managers. The attack leveraged trust in Microsoft's brand—developers typically assume official Microsoft repos are safe to use without extensive vetting.

Researcher Findings

"This is a textbook example of how supply chain attacks evolve when AI tools enter the development workflow," one researcher noted in analysis shared with 404 Media. "AI coding assistants often fetch and execute code automatically, which creates new attack surface that traditional security tooling doesn't account for." The researchers emphasized that credential theft through AI tool chains could give attackers persistent access to cloud infrastructure beyond just local machine compromise.

Microsoft's Response

Microsoft has disabled the affected repositories while conducting its investigation. The company declined to provide a timeline for when repos would be restored or whether it had identified the threat actors responsible. Security researchers are urging developers who have used Microsoft AI-related packages recently to rotate credentials and audit their authentication logs for suspicious activity.

Key Takeaways

  • Over 70 Microsoft repositories on GitHub were disabled following discovery of the breach
  • Malware was designed to harvest developer credentials when opened in Claude Code or Gemini CLI
  • Attackers exploited trust in Microsoft's official repos and AI tool automation
  • Developers should rotate credentials and audit authentication logs immediately

The Bottom Line

This incident exposes a critical vulnerability that most security strategies haven't accounted for: AI coding tools executing code with elevated privileges, automatically trusting branded repositories. Microsoft needs to provide clearer guidance on which specific packages were compromised so developers can actually assess their exposure rather than guessing.