Microsoft packages were discovered to contain self-replicating malware that steals credentials upon execution, marking the second such incident in recent weeks. The malware activates when opened by AI agents, exploiting automated systems that process software packages without human review.
The incidents highlight a new attack surface: as enterprises deploy AI agents to automate software procurement, dependency management, and package installation, adversaries are targeting these automated workflows directly. Traditional human-in-the-loop security reviews are bypassed entirely.
What This Means for Your Business
Organizations using AI agents for software supply chain management face new security risks that legacy controls don't address. Procurement and DevOps teams must audit their automated package installation workflows and add agent-specific security measures like sandboxing, cryptographic verification, and anomaly detection. This incident underscores the need for security-by-design practices when deploying autonomous systems in infrastructure roles.
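One way to apply the cryptographic verification mentioned above is a fail-closed gate that the agent's install tool must consult before it calls the package manager. This is an added example, not code from any vendor or from the incidents described; the package names, contents, the PINNED_SHA256 mapping and the function names are constructed for illustration, and it assumes the pin list is stored where the agent cannot modify it.

```python
import hashlib
import hmac

# Constructed sample data: package names, versions and contents are made up.
GOOD_ARTIFACT = b"constructed sample package contents v1.2.3"
TAMPERED_ARTIFACT = GOOD_ARTIFACT + b"\n# appended bytes (constructed)"

# Pinned digests, recorded by a human at review time and stored outside the
# agent's write access (assumption: the agent cannot edit this mapping).
PINNED_SHA256 = {
    ("example-lib", "1.2.3"): hashlib.sha256(GOOD_ARTIFACT).hexdigest(),
}


class InstallDenied(Exception):
    """Raised when the gate refuses an install request."""


def verify_artifact(name: str, version: str, artifact: bytes) -> str:
    """Return the verified digest, or raise InstallDenied. Fails closed."""
    pinned = PINNED_SHA256.get((name, version))
    if pinned is None:
        # No human-reviewed pin: the agent may not install this on its own.
        raise InstallDenied(f"{name}=={version}: no pinned digest")
    actual = hashlib.sha256(artifact).hexdigest()
    # Constant-time comparison of the computed and pinned digests.
    if not hmac.compare_digest(actual, pinned):
        raise InstallDenied(f"{name}=={version}: digest mismatch ({actual[:12]}...)")
    return actual


def gate(name: str, version: str, artifact: bytes) -> tuple[bool, str]:
    """Decision the install tool checks before touching the package manager."""
    try:
        return True, verify_artifact(name, version, artifact)
    except InstallDenied as exc:
        return False, str(exc)


if __name__ == "__main__":
    requests = [
        ("example-lib", "1.2.3", GOOD_ARTIFACT),       # reviewed and unchanged
        ("example-lib", "1.2.3", TAMPERED_ARTIFACT),   # same version, altered bytes
        ("unreviewed-lib", "0.0.1", GOOD_ARTIFACT),    # never reviewed by a human
    ]
    for name, version, artifact in requests:
        print(name, version, gate(name, version, artifact))
```

Denied requests are the events to route to a human reviewer and to count for anomaly detection, since an agent that suddenly requests many unpinned packages is itself a signal.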