AI Coding Agents Exploited in Rising Supply Chain Attacks
ID: cede2602-eb2d-5572-89f4-3c1726bff6c8
STIX ID: report--cede2602-eb2d-5572-89f4-3c1726bff6c8
Feed Name: ThreatCluster
Threat Score
In 2026 attackers increasingly exploited AI coding agents and package dependency resolution to carry out supply-chain attacks: PromptMink (attributed to a North Korean group) and a compromised Mastra AI framework introduced malicious packages that executed during installation, highlighting growing malicious activity across npm and PyPI and the insufficiency of current vulnerability prioritization and security controls.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
