Weekly Roundup: npm Supply Chain Attack, CISA's AWS Leak, and AI Agent Risks


It’s been quite a week in IT security news, with several stories highlighting how modern development practices and AI tools are creating new vulnerabilities that affect everyone from solo developers to enterprise teams. Here’s what you need to know.

Attackers Exploit npm Trust System Using Stolen Developer Accounts

Open source software developers got a nasty reminder this week that security certificates aren’t always what they seem. On 19 May, attackers managed to slip 633 malicious package versions through npm’s verification system by compromising a legitimate maintainer’s account and generating valid signing certificates.

The clever bit? The security system (called Sigstore) actually worked exactly as designed—it correctly verified that packages were built in a proper environment with valid credentials. The problem was that those credentials had been nicked from a real developer’s account. It’s a bit like a burglar making off with your house keys and the alarm code: all the security measures work perfectly, but they’re letting in the wrong person.

This attack targeted the AntV ecosystem, a collection of data visualisation tools used by countless web applications. The malicious packages were designed to steal data and potentially compromise systems that installed them.

What this means for you: If you’re running any development work or using tools that rely on npm packages (which is most modern web tools), make sure you’ve got two-factor authentication enabled on all your development accounts. Consider using a password manager like NordPass to generate and store unique credentials for each service—reused passwords are often how these account compromises begin.

Major Security Embarrassment as CISA Contractor Leaks AWS Keys on GitHub

In what security experts are calling one of the most serious government data leaks in recent memory, a contractor working for the US Cybersecurity and Infrastructure Security Agency (CISA) accidentally exposed highly privileged credentials to AWS GovCloud accounts in a public GitHub repository.

The irony here is almost painful—CISA is literally the agency responsible for protecting critical infrastructure and advising organisations on cybersecurity best practices. The exposed credentials potentially gave access to internal CISA systems, along with detailed documentation of how the agency builds and deploys its own software.

The repository remained public until this past weekend, though it’s unclear how long the sensitive data was available or whether it was accessed by malicious actors. Security researchers discovered it during routine scanning for exposed credentials.

What this means for you: This incident underscores why proper access management matters for businesses of any size. If you’re using cloud services or remote access tools like Splashtop, regularly audit who has access to what, use separate credentials for different privilege levels, and never, ever commit passwords or API keys to version control systems.
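One concrete way to act on the last piece of advice is a pre-commit check that scans staged changes for AWS credentials before they ever reach a repository. The following is an added example written for this roundup, not code from CISA or the page's sources; the key ID prefixes and the 40-character secret heuristic are common scanner patterns, and the diff and key values below are constructed, non-functional samples.

```python
import math
import re

# AWS access key IDs: a four-letter prefix ("AKIA" for long-term keys, "ASIA" for
# temporary STS keys) followed by 16 uppercase alphanumerics, 20 characters in total.
ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")

# Secret access keys are 40-character base64-alphabet strings. This heuristic is an
# assumption of this example (many scanners use it), not an AWS specification.
SECRET_CANDIDATE_RE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])")


def shannon_entropy(s: str) -> float:
    """Bits per character; random secrets sit well above readable identifiers."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan_diff(diff: str, entropy_threshold: float = 4.0) -> list[dict]:
    """Return findings for lines a unified diff would add to the repository."""
    findings = []
    for lineno, line in enumerate(diff.splitlines(), 1):
        # Only added lines ('+') can introduce a new leak; skip the '+++' file header.
        if not line.startswith("+") or line.startswith("+++"):
            continue
        body = line[1:]
        for m in ACCESS_KEY_RE.finditer(body):
            findings.append({"line": lineno, "kind": "aws_access_key_id", "match": m.group()})
        for m in SECRET_CANDIDATE_RE.finditer(body):
            # Long base64-looking tokens are only reported when they look random.
            if shannon_entropy(m.group()) >= entropy_threshold:
                findings.append({"line": lineno, "kind": "high_entropy_secret", "match": m.group()})
    return findings


# Constructed staged diff for demonstration; these credentials are not real or valid.
SAMPLE_DIFF = """\
diff --git a/deploy/config.py b/deploy/config.py
+++ b/deploy/config.py
+REGION = "us-gov-west-1"
+AWS_ACCESS_KEY_ID = "AKIAEXAMPLEKEY234567"
+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+# TODO: move these to a secrets manager before release
"""

if __name__ == "__main__":
    for f in scan_diff(SAMPLE_DIFF):
        print(f"line {f['line']}: {f['kind']} {f['match']}")
    # A pre-commit hook would exit non-zero here when findings is non-empty.
```

Wired into a pre-commit hook over `git diff --cached`, a non-empty result blocks the commit; the same scan over a repository's full history is how researchers find leaks like the one above after the fact.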

AI Agents Creating New Category of Production Failures

As AI tools become more capable and autonomous, they’re starting to cause a new type of system failure that engineering teams don’t quite know how to handle. According to researchers, AI agents are increasingly making technically correct decisions based on incomplete information, leading to cascading infrastructure problems.

The tricky part is that these aren’t traditional bugs or human errors. An AI agent might initiate an action that makes perfect sense given what it knows, but because it doesn’t have full context about the broader system, that action triggers unexpected consequences. When teams try to conduct post-incident reviews, they often can’t agree whether the problem was the agent, the infrastructure, or the incomplete information the agent received.

This is becoming particularly relevant as tools like Claude (which we’ve reviewed alongside other AI assistants) and similar platforms gain the ability to execute longer-running, multi-day tasks with less human oversight. The “agent era” promises tremendous productivity gains, but it’s also introducing failure modes we’re only beginning to understand.

What this means for you: If you’re using AI productivity tools like Grammarly, Notion AI, or other assistants that can take actions on your behalf, keep a closer eye on what they’re actually doing—especially if they have access to important systems or data. The technology is improving rapidly, but it’s not infallible.

That’s Your Week in IT

Three stories, one common thread: trust and verification in modern systems. Whether it’s stolen developer credentials, accidentally exposed government secrets, or AI agents making decisions without full context, this week reminded us that security isn’t just about having the right tools—it’s about understanding their limitations and maintaining proper oversight. Stay safe out there.
