Supply Chain Attack Targets AI Developer Tools via Obfuscated Setup Hook
Key Takeaways
- ▸Malicious code injected via .github/setup.js exploits trusted developer tool integrations (Claude hooks, Gemini hooks, Cursor, VSCode)
- ▸Attack spreads through deceptive skip-CI commits on open PRs, then persists after merge
- ▸Payload is intentionally obfuscated to complicate detection and incident response
Summary
A significant supply chain attack has compromised developer environments by injecting malicious code into popular development tools and AI platforms. The attack, discovered the evening of June 4, 2026 (BST), targets integration points including Claude hooks, Gemini hooks, Cursor setup, and VSCode task configurations. The attack vector is an obfuscated Node.js file (.github/setup.js) that executes automatically when developers initialize these tools.
The malware spreads rapidly through open pull requests by adding mimicked skip-CI commits that bypass code review processes. Once merged into main branches, the payload persists across developer clones and installations. The obfuscated nature of the payload suggests sophisticated adversaries attempting to evade detection and complicate forensic analysis. As of the disclosure, the original attack source remains unidentified, and organizations are still assessing the full scope of the compromise and data exfiltration.
The attack affects the broader AI developer ecosystem, targeting tools from multiple companies including Anthropic (Claude), Google (Gemini), Anysphere (Cursor), and Microsoft (VSCode integrations). This incident underscores vulnerabilities in supply chain security for developer-focused AI platforms and the risks posed by automated tool integrations that execute code without explicit user approval.
- Supply chain attack affects multiple AI companies' developer tools simultaneously
- Original attack vector and payload details remain under investigation
