Attack targeting OpenAI Codex users exposes AI software supply chain risks
Summary
Attackers published a malicious npm package (a software library distribution platform) called codexui-android that appeared to be a legitimate tool for OpenAI Codex users but secretly stole authentication tokens and sent them to an external server. The attack exploited a supply chain gap where malicious code was hidden in the distributed package but not visible in the public source code repository, allowing the package to reach about 27,000 weekly downloads before detection. Security experts warn this reflects a broader vulnerability in AI software security, where developer tokens provide persistent access to accounts and are increasingly attractive targets as AI tools become widespread.
Solution / Mitigation
A cybersecurity researcher stated that 'enterprises should verify both the provenance of software packages and the consistency between published artifacts and their public source code.' Additionally, organizations should apply 'least-privilege and behavioral monitoring disciplines to AI tools' the same way they do for human user accounts, and maintain 'a complete inventory of what their AI tools can access, what credentials they inherit, and what external services they interact with.'
Classification
Affected Vendors
Related Issues
Original source: https://www.csoonline.com/article/4179815/attack-targeting-openai-codex-users-exposes-ai-software-supply-chain-risks.html
First tracked: June 2, 2026 at 08:00 AM
Classified by LLM (prompt v3) · confidence: 92%