Weaponizing AI Coding Agents for Malware (Nx Event)(snyk.io)
snyk.io
Weaponizing AI Coding Agents for Malware (Nx Event)
https://snyk.io/de/blog/weaponizing-ai-coding-agents-for-malware-in-the-nx-malicious-package/
https://snyk.io/de/blog/weaponizing-ai-coding-agents-for-malware-in-the-nx-malicious-package/
"The root cause for the malicious version of Nx published to npm is now known to have been a flawed GitHub Actions CI workflow [...] the code contribution is estimated to have been generated by Claude Code."
"the payload weaponized local AI coding agents (claude, gemini, and q) via a dangerous prompt to inventory sensitive files and then exfiltrate secrets, credentials, and sensitive data off of the host and on to a public GitHub repo"