New worm exploits AI tools, bypasses security

A sophisticated worm, dubbed 'Shai-Hulud,' is targeting software development environments by exploiting npm and PyPI packages, including those related to AI coding agents like Claude and Kiro. This malware goes beyond typical credential theft, establishing persistent backdoors in AI agent configurations and development tools like VS Code. It bypasses security measures like signed provenance and two-factor authentication by leveraging a novel 'orphaned commit' technique to gain unauthorized access to CI/CD pipelines. The worm's ability to evade standard security protocols and its potential for widespread impact highlight a critical vulnerability in the software supply chain.