AI Agent Supply Chain Vulnerable to Attacks: Mitiga Labs Finds 1,230+ Exposed Credentials in 7,000+ Repositories
By
HackMoN Ai
Summary
A six-month Mitiga Labs investigation reveals a critical security vulnerability in the AI agent supply chain. Over 50,000 AI instruction files across 7,000+ public repositories were analyzed, uncovering attacker-controlled ANTHROPIC_BASE_URL overrides that route Claude traffic through MITM proxies, over 1,230 hardcoded API keys and JWTs, and widespread blind installation of third-party skills and hooks. The article warns that the AI agent ecosystem is experiencing a supply chain attack crisis similar to the npm left-pad incident but with far more severe consequences, as developers unknowingly import code that runs with full agent privileges.
Source
bskyAI Agent Supply Chain Vulnerable to Attacks: Mitiga Labs Finds 1,230+ Exposed Credentials in 7,000+ Repositoriesundercodetesting.comKey quotes
· 3 pulledThe AI agent ecosystem is experiencing its 'npm left-pad moment' — but with far more dangerous consequences.
As developers rush to install third-party skills, hooks, and instruction files with a single click, they're blindly importing code that runs with the full privileges of their AI agent.
A six-month Mitiga Labs investigation of over 50,000 AI instruction files across 7,000+ public repositories uncovered attacker-controlled ANTHROPIC_BASE_URL overrides routing Claude traffic through MITM proxies.
You might also wanna read
Moltbook AI Social Network Exposes 1.5M API Tokens and 35,000 Emails in Database Breach
A security researcher discovered a major data breach at Moltbook, an AI social network where AI agents post and interact. The platform's Sup

How “Clinejection” Turned an AI Bot into a Supply Chain Attack
Supply Chain Attacks on Open-Source Software: Case Study of Malicious Pull Request Attempts
The article discusses recent supply chain attacks on open-source software projects like LiteLLM and axios, with a specific case study of att
GitHub Actions workflows identified as common weak link in open source supply chain attacks
This article analyzes a series of high-profile open source supply chain security incidents from the past 18 months, tracing them back to Git
317 npm Packages Compromised in Mini Shai-Hulud Supply Chain Attack
A major npm supply chain attack occurred on May 19, 2026, when the npm account of maintainer "atool" was compromised. The attacker published
Major NPM Supply Chain Attack: Over 1,000 Packages Infected via Fake Bun Runtime
A major cybersecurity incident occurred where over 1,000 NPM packages and 27,000+ GitHub repositories were infected within hours via a fake

Comments
Sign in to join the conversation.
No comments yet. Be the first.