OpenAI Codex Supply Chain Attack Exposes Growing Risks in AI Development Environments

**Executive Summary:** A malicious npm package impersonating an OpenAI Codex-related utility was used to silently harvest OpenAI authentication tokens, developer credentials, and persistent refresh tokens, illustrating how software supply chain attacks against AI-assisted development environments can scale and evade detection; the report emphasizes the need for broad visibility across developer tools, authentication logs, endpoints, and network traffic to detect and mitigate such compromises.