https://www.wiz.io/blog/s1ngularity-supply-chain-attack
Attackers have successfully compromised multiple Nx NPM packages in a sophisticated supply chain attack that leverages artificial intelligence tools for reconnaissance, marking what researchers believe to be the first documented case of malware coercing AI assistant CLIs to assist in data harvesting operations. The attack, discovered by Wiz researchers, targeted the popular open-source codebase management platform Nx, which claims 24 million monthly NPM downloads and usage by more than 70 percent of Fortune 500 companies, potentially exposing thousands of developers to credential theft and system compromise.
The malicious campaign began on August 26, 2025, when attackers used compromised NPM publishing tokens to upload poisoned versions of Nx packages designed to steal sensitive developer credentials including GitHub and NPM tokens, SSH keys, and cryptocurrency wallet details. The attack’s most notable innovation involved abusing locally installed generative AI command-line interfaces such as Claude, Gemini, and Amazon Q to recursively scan victim file systems and write discovered sensitive file paths to inventory files, effectively turning legitimate AI tools into unwitting accomplices in the reconnaissance phase. The stolen credentials were then automatically posted to new public GitHub repositories under victims’ accounts, remaining accessible for approximately eight hours before GitHub intervened.
Wiz researchers reported that the attack resulted in the exposure of more than 1,000 valid GitHub tokens, around 20,000 stolen files, and dozens of valid cloud credentials and NPM tokens before being contained. The malicious packages were published over a two-hour period starting at 22:32 UTC on August 26, with NPM removing all affected versions within an hour of being alerted at 02:58 UTC. Security researchers noted that the attackers also included a destructive element by adding shutdown commands to victims’ startup files, which may have contributed to faster detection as affected systems would shut down upon login. This incident represents a concerning evolution in supply chain attack techniques, demonstrating how threat actors are adapting their methods to exploit AI tools that have become integral to modern development workflows.
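For defenders checking a workstation for the shutdown commands described above, the following is an added example, not code from Wiz or the Nx project. The list of startup file names is an assumption (the report summarized here does not name them), and the shell parsing is deliberately simple and ignores quoting.

```python
import re
from pathlib import Path

# Assumption: common shell startup files; the article does not name the files touched.
STARTUP_FILES = (".bashrc", ".zshrc", ".profile", ".bash_profile", ".zprofile")

# A power-state command, optionally run through sudo and/or given with a full path.
_POWER_CMD = re.compile(
    r"^(?:sudo\s+(?:-\S+\s+)*)?(?:/\S*/)?(?:shutdown|poweroff|halt|reboot)(?=\s|$)"
)

def split_commands(line):
    """Yield the individual commands on one shell line, with comments dropped."""
    code = re.sub(r"(^|\s)#.*$", "", line)
    for part in re.split(r";|&&|\|\||\|", code):
        part = part.strip()
        if part:
            yield part

def find_power_commands(text):
    """Return (line_number, command) for each shutdown-type command in the text."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        for command in split_commands(line):
            if _POWER_CMD.match(command):
                hits.append((number, command))
    return hits

def scan_home(home):
    """Scan the assumed startup files under `home`; return {path: hits} where found."""
    results = {}
    for name in STARTUP_FILES:
        path = Path(home) / name
        if path.is_file():
            hits = find_power_commands(path.read_text(errors="replace"))
            if hits:
                results[str(path)] = hits
    return results

# Constructed sample startup file, not taken from the incident.
SAMPLE = """\
export PATH="$HOME/bin:$PATH"
# shutdown is handled by systemd
alias ll='ls -l'
sudo shutdown -h 0
echo ready && poweroff
"""

if __name__ == "__main__":
    for path, hits in scan_home(Path.home()).items():
        for number, command in hits:
            print(f"{path}:{number}: {command}")
```

A hit is a prompt to review the file's history and the packages installed on that machine, since administrators sometimes place such commands in startup files on purpose.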