Why Microsoft Shut Down Nearly 100 Open‑Source Repos Over AI Supply‑Chain Poisoning
Microsoft disabled 73 GitHub repositories—including Azure Functions, Durable Task, and AI sample projects—after researchers uncovered malicious commits that steal user credentials when opened in AI coding tools, an attack linked to the TeamPCP group.
Supply‑chain poisoning of open‑source software has escalated, prompting an unprecedented response from Microsoft: the company temporarily disabled a large batch of its own GitHub repositories, many of which are tied to Azure cloud services and AI coding agents.
Security researchers and a Microsoft statement confirm that more than 70 repositories were disabled while the company investigates a data‑leak incident. Hackers had injected malicious code that, when opened in AI‑assisted development tools such as Claude Code, Gemini CLI, Cursor, or VS Code, would exfiltrate user credentials.
OpenSourceMalware.com reported that on June 5 GitHub disabled 73 repositories across four Microsoft organizations within 105 seconds. The takedown covered the entire Azure Functions organization, the whole Durable Task series, and a collection of AI example applications, including 49 repos directly related to Azure cloud computing.
StepSecurity’s analysis traced the shutdown to a malicious commit pushed to the Durable Task repository. The commit added a configuration file that, when accessed by the aforementioned AI tools, silently harvested user credentials.
The attack is attributed to the hacker group TeamPCP, which previously breached Microsoft’s Durable Task tool and released three malicious versions in May. TeamPCP has been conducting large‑scale supply‑chain attacks throughout the first half of the year, affecting hundreds of organizations.
Disabling these repositories also breaks any GitHub Actions that depend on them. The incident shows that the prior intrusion at Microsoft has not been fully mitigated, and it underscores the broader risks of open‑source supply‑chain security.
Reference: bleepingcomputer.com
