StepSecurity reports that an attacker compromised a Pythagora co-founder’s GitHub account and force-pushed a Shai-Hulud credential-stealer payload into the 33,000-star open-source AI coding tool gpt-pilot, but ruff lint failures blocked CI twice before the attack was disclosed.
Pythagora-io/gpt-pilot Compromised on GitHub - Shai-Hulud Credential Stealer Blocked by Python Linter
Source: StepSecurity