Elastic Security Researcher Catches Axios Supply Chain Attack Using AI-Powered Detection Tool
Key Takeaways
- ▸An AI-powered supply chain monitoring tool built by Elastic's Joe Desimone detected a major compromise of the Axios npm package, one of the world's most widely-used JavaScript libraries, in real-time
- ▸The detection system uses LLMs to analyze code diffs from package repositories, focusing on the top 15,000 packages by download count to balance coverage with computational efficiency
- ▸The tool was developed rapidly (in one afternoon) following escalating supply chain attacks, including the Trivy GitHub Action compromise and subsequent LiteLLM credential theft, highlighting the critical security gaps in current open-source ecosystem protections
Summary
Joe Desimone, a security researcher at Elastic, detected a major supply chain compromise of the Axios npm package—one of the most popular packages in the world—using a proof-of-concept detection tool he built in a single afternoon on Friday. The tool, powered by AI, automatically monitors package repositories for suspicious code changes by polling PyPI and npm registries, downloading package diffs, and using an LLM to analyze whether changes are malicious. The Axios attack is attributed to DPRK state actors and represents one of the largest supply chain compromises on npm to date.
Desimone developed the tool in response to escalating supply chain security incidents, including the March 2026 Trivy GitHub Action compromise by TeamPCP, which led to credential theft and subsequent attacks on packages like LiteLLM. Motivated by the urgent need to protect Elastic's developers and security customers, he created a lightweight system that focuses on monitoring the top 15,000 most-downloaded packages—an approach that balances comprehensive coverage with manageable computational costs. The detection system successfully caught the Axios malicious release when an automated Slack alert triggered on Monday night, demonstrating the practical value of AI-assisted threat detection in securing the open-source ecosystem.
- Supply chain security compromises represent a growing threat vector, with attackers stealing CI/CD credentials and using them to inject malicious code into widely-trusted packages that affect thousands of downstream projects
Editorial Opinion
This incident demonstrates both the power and necessity of AI-assisted security detection in protecting the open-source ecosystem. While Desimone's tool is remarkably simple—comparing diffs and asking an LLM if code looks malicious—it proved effective where traditional monitoring failed, catching a nation-state attack in real-time. The speed of development (one afternoon) and the focus on practical, cost-effective monitoring of high-impact packages shows a pragmatic approach to AI security. However, this story also underscores a troubling reality: we've reached a point where the security of foundational packages now depends on individual researchers deploying ad-hoc AI tools rather than systemic safeguards. As supply chain attacks continue to escalate in sophistication, the industry must move toward building these capabilities into package repositories and security infrastructure itself.
