GitHub disclosed on May 19-20, 2026, that attackers stole data from ~3,800 internal repositories after compromising an employee’s machine through a malicious Nx Console VS Code extension.
Attack Summary
On May 18, a fake maintainer uploaded a poisoned version, v18.95.0, of Nx Console (2.2M+ installs) to the VS Code Marketplace. The extension was live for about 18 minutes before removal. It stole GitHub tokens, npm credentials, AWS keys, SSH keys, and more.
The attack stemmed from the earlier Mini Shai-Hulud campaign, which compromised a legitimate Nx developer's credentials via the TanStack package ecosystem. Threat group TeamPCP claimed responsibility and attempted to sell the stolen data.
Why This Matters for AI Security
AI development relies heavily on VS Code, monorepos, and open-source tools, which is exactly the attack surface exploited here. With sensitive assets like model weights, training data, and GPU cluster credentials at stake, supply chain attacks on developer tooling pose outsized risk to AI organizations.
This incident follows similar compromises targeting AI companies through the same vectors in 2024-2025. Attackers are increasingly using AI to accelerate malware creation and social engineering, while defenders struggle to keep up with the pace of change in their tool dependencies.
Key Takeaways
- Audit and restrict VS Code extensions; even popular ones can be compromised.
- Rotate all secrets immediately (GitHub, cloud providers, credential managers).
- Enforce multi-approval for package/extension publishing.
- Treat developer workstation and supply chain security as core parts of AI threat models.
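One way to act on the first takeaway, as an added example that is not from GitHub, Nx, or the original report: compare the output of `code --list-extensions --show-versions` against a pinned allowlist. The extension IDs, the pinned versions, and the sample listing are constructed placeholders; only the version 18.95.0 comes from the summary above.

```python
import subprocess

# Constructed policy. Extension IDs are placeholders, not real Marketplace IDs,
# and the pinned versions are made up for the example.
ALLOWED = {
    "example-publisher.nx-console": "18.94.0",
    "example-publisher.linter": "3.1.2",
}
# Version named in the summary above, attached to the placeholder ID.
BLOCKED = {("example-publisher.nx-console", "18.95.0")}


def parse_extensions(listing):
    """Parse `publisher.name@version` lines into {extension_id: version}."""
    found = {}
    for line in listing.splitlines():
        line = line.strip()
        if "@" not in line:
            continue  # skip blank lines and any banner text
        ext_id, _, version = line.rpartition("@")
        found[ext_id.lower()] = version
    return found


def audit(listing):
    """Return sorted (severity, extension_id, detail) findings."""
    findings = []
    for ext_id, version in parse_extensions(listing).items():
        if (ext_id, version) in BLOCKED:
            findings.append(("critical", ext_id, f"known-bad version {version}"))
        elif ext_id not in ALLOWED:
            findings.append(("high", ext_id, "not on allowlist"))
        elif ALLOWED[ext_id] != version:
            findings.append(("medium", ext_id, f"{version} != pinned {ALLOWED[ext_id]}"))
    return sorted(findings)


def installed_listing():
    """Read the real listing from the VS Code CLI on this workstation."""
    cmd = ["code", "--list-extensions", "--show-versions"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


# Constructed sample listing, so the example runs without VS Code installed.
SAMPLE = """\
example-publisher.nx-console@18.95.0
example-publisher.linter@3.2.0
unknown-author.theme-pack@1.0.0
"""

if __name__ == "__main__":
    for severity, ext_id, detail in audit(SAMPLE):
        print(f"{severity:8} {ext_id}: {detail}")
```

On a real workstation, pass `installed_listing()` to `audit()` instead of `SAMPLE`; version pins only hold if extension auto-update is turned off.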
Organizations building AI systems should treat this as a loud warning: the next breach could expose proprietary models or training infrastructure. GitHub and Nx have both improved controls, but vigilance across the ecosystem is essential.