AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

Shai-Hulud-style NPM worm hits CI pipelines and AI coding tools

criticalnewsLLM-Specific

security

Source: CSO OnlineFebruary 24, 2026

Summary

A major npm supply chain worm called SANDWORM_MODE is attacking developer machines, CI pipelines (automated systems that build and test software), and AI coding tools by disguising itself as popular packages through typosquatting (creating package names that look nearly identical to real ones). Once installed, the malware steals credentials like GitHub tokens and cloud keys, then uses them to inject malicious code into other repositories and poison AI coding assistants by deploying a fake MCP server (model context protocol, a system that lets AI tools talk to external services).

Solution / Mitigation

npm has hardened the registry against this class of worms by implementing: short-lived, scoped tokens (temporary access credentials limited to specific functions), mandatory two-factor authentication for publishing, and identity-bound 'trusted publishing' from CI (a verification method that proves who is pushing code through automation systems). The source notes that effectiveness depends on how quickly maintainers adopt these controls.

Classification

Attack Type

Supply ChainPrompt InjectionData Extraction

Attack SophisticationAdvanced

Affected Vendors

OpenAIHuggingFace

Related Issues

high

Anthropic accuses Chinese AI labs of mining Claude as US debates AI chip exports

Similar attackTechCrunch

high

CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling

Same vendor

Original source: https://www.csoonline.com/article/4136476/shai-hulud-style-npm-worm-hits-ci-pipelines-and-ai-coding-tools.html

First tracked: February 24, 2026 at 07:00 AM

Classified by LLM (prompt v3) · confidence: 95%