Claude Used to Create Malicious npm Packages: Over 670 Compromised Threaten Open Source
A recent cybersecurity incident shows how large language models (LLMs) are being weaponized for malicious software development. Security researcher Sibi Moosa spotted an attacker, operating under the alias "mousie-5212-super-formatter", using Anthropic's Claude AI to generate harmful code and contaminate the npm package ecosystem. Within a short timeframe, over 670 malicious packages were uploaded to the npm registry, raising alarms over the speed and automation of such attacks.

At the core of this attack is the use of AI to drastically reduce the effort required to create malicious code. The compromised npm packages target developer credentials like npm tokens and GitHub tokens, as well as source code from private GitHub repositories. The attacker employs Claude to craft coherent data-stealing scripts and exfiltrates the stolen information to their own repositories. This case underscores how generative AI, while boosting productivity, also serves as a force multiplier for attackers, amplifying both efficiency and automation.
Experts note that automated package poisoning and code theft through AI models signify a new, intelligent stage in supply chain attacks. Traditional signature-based defenses are ill-equipped to counter the highly variable and deceptive malicious payloads that AI can generate. With the growing adoption of AI coding assistants, preventing their misuse for vulnerability exploitation and malware creation has become a critical priority in AI security governance.
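A behaviour-based check for the credential-stealing install packages described above, written as an added example for this page (it is not code from the article or from the researcher); the manifest, script text and indicator list are constructed assumptions for illustration.

```javascript
// Added example (not from the article): audit an npm package for the two
// behaviours the campaign relies on, rather than matching a payload signature:
// (a) code that runs automatically at install time via lifecycle scripts, and
// (b) references to developer-credential locations (~/.npmrc, .git-credentials,
// NPM_TOKEN / GITHUB_TOKEN environment variables, GitHub repo listing API).

// Lifecycle hooks npm runs for a dependency during `npm install`.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Constructed indicator list; a real deployment would tune and extend it.
const CREDENTIAL_PATTERNS = [
  /\.npmrc/i,
  /\.git-credentials/i,
  /\b(NPM_TOKEN|GITHUB_TOKEN|GH_TOKEN|NODE_AUTH_TOKEN)\b/,
  /api\.github\.com\/user\/repos/i,
];

// Returns the install-time hooks declared in package.json, if any.
function installHooks(pkg) {
  const scripts = (pkg && pkg.scripts) || {};
  return INSTALL_HOOKS.filter((hook) => typeof scripts[hook] === 'string');
}

// Returns the credential indicators present in the package's source text.
function credentialIndicators(source) {
  return CREDENTIAL_PATTERNS.filter((re) => re.test(source)).map(String);
}

// 'high' when a package both runs at install time and touches credential
// locations, 'medium' when only one of the two holds, otherwise 'low'.
function assessPackage(pkg, sources) {
  const hooks = installHooks(pkg);
  const indicators = credentialIndicators(sources.join('\n'));
  let risk = 'low';
  if (hooks.length && indicators.length) risk = 'high';
  else if (hooks.length || indicators.length) risk = 'medium';
  return { name: pkg.name, risk, hooks, indicators };
}

// Constructed sample: a "formatter" package whose postinstall reads ~/.npmrc.
const samplePkg = { name: 'example-formatter', version: '1.0.0',
  scripts: { postinstall: 'node setup.js' } };
const sampleSources = [
  "const fs = require('fs'); const os = require('os');",
  "const rc = fs.readFileSync(os.homedir() + '/.npmrc', 'utf8');",
];

const sampleReport = assessPackage(samplePkg, sampleSources);
console.log(JSON.stringify(sampleReport, null, 2));
```

A complementary control is `ignore-scripts=true` in `.npmrc`, which stops lifecycle scripts from running automatically on install.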