Attack  ·  Glossary

Self-Propagating AI Supply-Chain Worm

Malware that spreads through AI developer ecosystems (npm, PyPI, GitHub) by compromising a single developer account and then replicating itself across all packages and repositories that account maintains. It harvests developer credentials and cloud API keys, enabling widespread downstream compromise.
AI developers are high-value targets because their credentials grant access to frontier models, production AI infrastructure, and cloud environments. A single compromised developer account can cascade into thousands of poisoned packages affecting the entire AI developer supply chain.
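
A defender-side view of the replication pattern described above, as an added example that is not taken from the referenced analysis: it flags any publisher account that releases many distinct packages inside one short window. The event tuples, account and package names, window and threshold are all constructed assumptions, not registry data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample publish events: (publisher account, package, ISO timestamp).
EVENTS = [
    ("alice", "ml-utils", "2025-01-10T09:00:00"),
    ("carol", "tokenizer-x", "2025-01-10T09:01:00"),
    ("bob", "tensor-helpers", "2025-01-10T09:02:00"),
    ("bob", "prompt-kit", "2025-01-10T09:03:30"),
    ("bob", "vector-store-lite", "2025-01-10T09:04:10"),
    ("bob", "eval-harness", "2025-01-10T09:05:00"),
    ("carol", "tokenizer-y", "2025-01-11T16:00:00"),
    ("alice", "ml-utils", "2025-01-12T14:00:00"),
]


def find_publish_bursts(events, window=timedelta(minutes=10), min_packages=3):
    """Return {account: sorted packages} for accounts that released at least
    `min_packages` distinct packages inside one sliding time window."""
    by_account = defaultdict(list)
    for account, package, ts in events:
        by_account[account].append((datetime.fromisoformat(ts), package))

    flagged = {}
    for account, releases in by_account.items():
        releases.sort()
        recent = deque()  # releases that fall inside the current window
        for when, package in releases:
            recent.append((when, package))
            while when - recent[0][0] > window:
                recent.popleft()
            distinct = {name for _, name in recent}
            # Repeated releases of one package do not count as a burst;
            # only spread across distinct packages does.
            if len(distinct) >= min_packages:
                flagged.setdefault(account, set()).update(distinct)
    return {account: sorted(pkgs) for account, pkgs in flagged.items()}


if __name__ == "__main__":
    for account, pkgs in find_publish_bursts(EVENTS).items():
        print(f"review releases by {account}: {', '.join(pkgs)}")
```

A flagged account is a prompt to review those releases and rotate that maintainer's tokens, not proof of compromise; legitimate monorepo releases produce the same shape and need an allowlist.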
References
Phoenix Security - Mini Shai-Hulud GitHub Worm Analysis