All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

AI Agent Supply Chain Vulnerable to Attacks: Mitiga Labs Finds 1,230+ Exposed Credentials in 7,000+ Repositories

By

HackMoN Ai

21d ago· 10 min readenInsight

Summary

A six-month Mitiga Labs investigation reveals a critical security vulnerability in the AI agent supply chain. Over 50,000 AI instruction files across 7,000+ public repositories were analyzed, uncovering attacker-controlled ANTHROPIC_BASE_URL overrides that route Claude traffic through MITM proxies, over 1,230 hardcoded API keys and JWTs, and widespread blind installation of third-party skills and hooks. The article warns that the AI agent ecosystem is experiencing a supply chain attack crisis similar to the npm left-pad incident but with far more severe consequences, as developers unknowingly import code that runs with full agent privileges.

Source

bskyAI Agent Supply Chain Vulnerable to Attacks: Mitiga Labs Finds 1,230+ Exposed Credentials in 7,000+ Repositoriesundercodetesting.com

Key quotes

· 3 pulled
The AI agent ecosystem is experiencing its 'npm left-pad moment' — but with far more dangerous consequences.
As developers rush to install third-party skills, hooks, and instruction files with a single click, they're blindly importing code that runs with the full privileges of their AI agent.
A six-month Mitiga Labs investigation of over 50,000 AI instruction files across 7,000+ public repositories uncovered attacker-controlled ANTHROPIC_BASE_URL overrides routing Claude traffic through MITM proxies.
Snippet from the RSS feed
SkillGate Exposed: The AI Agent Supply Chain Is Already Under Attack — And Your Credentials Are Next + Video - "Undercode Testing": Monitor hackers like a

You might also wanna read

Comments

Sign in to join the conversation.

No comments yet. Be the first.