Cyberside Chats: Cybersecurity Insights from the Experts

Vibe coding is everywhere now and a new worm is built to exploit it. Whether it's your IT staff spinning up a handy new tool or the software vendor you rely on, the moment someone opens AI-generated or downloaded code in an assistant like Cursor or Claude Code, it strikes, no install, no "run" required. In its nastiest move, this worm, known as Miasma, talks the AI itself into running the attacker's payload. This isn't theoretical: in June 2026 it breached Microsoft's own code, compromising repositories across its Azure organizations, and GitHub scrambled to shut down 73 of them in under two minutes. One compromised machine can hand an attacker cloud keys, tokens, and a foothold into everything downstream — yours or a vendor's.

Join Sherri Davidoff and Matt Durrin for why this new "execute on open" tactic breaks years of supply-chain defense assumptions, how it turns AI coding tools into the attacker, and the questions every security leader should be asking Monday morning — plus live Q&A.

Key Takeaways

1. Recognize that simply opening code can now trigger an attack. For years the rule was "don't run untrusted code" — but this worm executes the instant a repository is opened in an editor or AI coding tool, before anyone installs or runs anything. Opening code is no longer a passive, look-only act. Make sure your teams know that browsing or opening an unfamiliar repository can itself launch malware, and that anyone reviewing outside code should do it in an isolated or sandboxed environment rather than on a machine holding live credentials.

2. Govern your AI coding tools like the privileged software they are. AI coding assistants can now be tricked into running an attacker's code on a developer's behalf. These tools have largely entered organizations without policy, review, or oversight. Set expectations for which AI coding tools are approved, what they're permitted to do automatically, and who owns that decision — the same way you'd govern any tool with access to credentials and systems.

3. Assume one compromised developer equals a foothold in your environment. A developer's machine holds cloud keys, tokens, and publishing rights — compromise one and an attacker can reach everything downstream, including your customers. Confirm that developer and build-system credentials are scoped, short-lived, and monitored, and that your incident response plan treats a single developer compromise as a potential enterprise event, not an endpoint cleanup.

4. Extend third-party risk past vendors to the code your people pull in daily. Most programs assess software vendors and ignore the open-source packages employees install — which is exactly where this attack lives. Ask whether a poisoned package would be caught before credentials walked out, or only after.

5. When credentials are exposed, demand complete rotation — and proof. This same attacker hit Microsoft twice in a month because the credentials from the first incident weren't fully cleaned up. After any exposure, the expectation should be that every credential tied to that identity is rotated and the old ones confirmed dead — not "we changed the password." Partial remediation is an open invitation to be hit again.

Resources

1. OpenSourceMalware — first report of the Microsoft compromise: https://opensourcemalware.com/blog/miasma-reaches-azure

2. StepSecurity — Miasma forensic analysis: https://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-again-azure-functions-action-and-72-other-repositories-disabled-after-supply-chain-attack-targeting-ai-coding-agents

3. The Register — GitHub disables Microsoft repos; Microsoft later restored them: https://www.theregister.com/security/2026/06/08/github-nukes-70-microsoft-repos-amid-suspected-worm-attack/5252169

4. The Hacker News — Miasma worm hits 73 Microsoft repositories: https://thehackernews.com/2026/06/miasma-worm-hits-73-microsoft-github.html

5. Socket — Shai-Hulud descends to Hades (PyPI wave): https://socket.dev/blog/shai-hulud-descends-to-hades-miasma-worm-pypi-wave