AI Security Daily Briefing: June 17, 2026

Coverage: Last 24 hours

Today’s Highlights

Supply chain attacks are once again at the forefront as malicious actors exploit both open-source npm packages and IDE marketplaces to steal credentials and infiltrate development environments. Attackers are leveraging the breadth of the AI ecosystem, abusing plugin frameworks and misconfigured cloud SDKs to steal API keys and hijack model operations. Meanwhile, governments are shifting policy and regulatory priorities around AI tools and datacenter operations, with significant implications for continuity, compliance, and risk exposure.

Table of Contents

  1. 144 Mastra npm Packages Compromised via Hijacked Contributor Account
  2. How the fight over US datacenters is scrambling this state’s politics: ‘We don’t want it’
  3. Will it take a ‘Chernobyl-scale disaster’ for us to regulate cyber weapons of mass destruction? | Stuart Russell
  4. Trump’s DoJ intervenes to back Elon Musk in datacenter pollution lawsuit
  5. SpaceX overtakes Amazon as world’s fifth most valuable company
  6. Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats
  7. Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting
  8. Malicious JetBrains Marketplace plugins steal AI API keys from developers
  9. The curious case of Elias Thorne – and what he tells us about AI inbreeding | Arwa Mahdawi
  10. France to ditch Palantir’s AI data tools in favour of domestic provider

Top Stories


144 Mastra npm Packages Compromised via Hijacked Contributor Account

Source: The Hacker News | Risk: High | Impacted: JavaScript/TypeScript app developers, Teams using Mastra framework, Organizations with CI/CD dependencies on npm

Summary: As many as 144 npm packages associated with the Mastra namespace (“@mastra/*”), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from JFrog, SafeDep, Socket, and StepSecurity. “A single npm account (ehindero) mass-published more”

Why it matters: Supply chain compromise of npm packages can open broad attack surfaces, enabling code execution or data exfiltration across multiple internal and customer-facing applications.

Practitioner Perspective

A hijacked npm contributor account let a threat actor publish into the @mastra/* namespace, reaching every team that depends on those packages for AI development. Even mature security teams struggle to review high-velocity package releases or changes in who publishes them, which is what makes this technique so effective. Malicious versions become persistent footholds once they propagate into production builds or are pulled in as transitive dependencies. The lesson: package provenance and publisher access controls are not optional for open-source consumers. Map every trust boundary you cross when installing public packages, pin versions with integrity hashes in your lockfile, and treat a change of publisher on a critical dependency as a review trigger.

Recommended Actions

  • Block or quarantine all @mastra/* package updates pending review of the recent releases
  • Diff package-lock.json (or the equivalent lockfile) against the last known-good commit and flag any @mastra/* version published during the compromise window; lockfiles do not record who published a version, so correlate pinned versions with registry publish timestamps
  • Identify and roll back deployments that picked up any @mastra/* release published since the easy-day-js incident began
  • Enable npm audit (or an equivalent advisory feed) in CI so that builds fail on the malicious Mastra versions once they are listed
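As an added example (not Mastra's tooling nor that of the cited researchers), the check below parses a package-lock.json, picks out every @mastra/* entry, and flags pinned versions published at or after a cut-off timestamp using the registry's per-version publish times, which is exactly the information a lockfile lacks. The lockfile, the publish-time map, the version numbers and the cut-off date are all constructed placeholders; in practice the map comes from `npm view <package> time --json` and the cut-off from the published incident timeline.

```python
"""Flag @mastra/* lockfile entries whose pinned version was published at or
after a cut-off (the start of the compromise window).

Added example for this briefing, not tooling from Mastra or the cited
researchers. The lockfile, the registry publish-time map, the version numbers
and the cut-off are constructed placeholders.
"""
import json
from datetime import datetime, timezone

# Constructed lockfile in npm lockfileVersion 3 layout ("packages" keyed by path).
SAMPLE_LOCKFILE = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"@mastra/core": "^0.10.0"}},
        "node_modules/@mastra/core": {
            "version": "0.10.7",
            "resolved": "https://registry.npmjs.org/@mastra/core/-/core-0.10.7.tgz",
        },
        "node_modules/@mastra/rag": {
            "version": "0.9.2",
            "resolved": "https://registry.npmjs.org/@mastra/rag/-/rag-0.9.2.tgz",
        },
        "node_modules/left-pad": {"version": "1.3.0"},
    },
})

# Constructed stand-in for the registry "time" field per package, i.e. what
# `npm view <package> time --json` returns (version -> ISO publish timestamp).
SAMPLE_REGISTRY_TIME = {
    "@mastra/core": {
        "0.10.6": "2026-06-10T08:00:00.000Z",
        "0.10.7": "2026-06-16T03:12:00.000Z",
    },
    "@mastra/rag": {"0.9.2": "2026-06-01T12:00:00.000Z"},
}

# Placeholder cut-off; take the real one from the published incident timeline.
CUTOFF = datetime(2026, 6, 15, tzinfo=timezone.utc)


def parse_iso(ts):
    """Registry timestamps end in 'Z'; fromisoformat wants an explicit offset."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def lockfile_packages(lock_text, scope="@mastra/"):
    """Return [(package_name, pinned_version)] for every lockfile entry in scope.

    Handles lockfileVersion 2/3 ("packages" keyed by install path) and the
    older v1 layout (nested "dependencies").
    """
    lock = json.loads(lock_text)
    found = []
    if "packages" in lock:
        for path, entry in lock["packages"].items():
            if not path:  # "" is the root project itself
                continue
            name = path.rsplit("node_modules/", 1)[-1]
            if name.startswith(scope) and "version" in entry:
                found.append((name, entry["version"]))
    else:
        def walk(deps):
            for name, entry in deps.items():
                if name.startswith(scope) and "version" in entry:
                    found.append((name, entry["version"]))
                walk(entry.get("dependencies", {}))
        walk(lock.get("dependencies", {}))
    return found


def flag_suspicious(lock_text, registry_time, cutoff, scope="@mastra/"):
    """Return (name, version, reason) for pinned versions published at or after
    the cut-off, or with no publish record at all (also worth a look)."""
    flagged = []
    for name, version in lockfile_packages(lock_text, scope):
        published = registry_time.get(name, {}).get(version)
        if published is None:
            flagged.append((name, version, "no publish record"))
        elif parse_iso(published) >= cutoff:
            flagged.append((name, version, f"published {published}"))
    return flagged


if __name__ == "__main__":
    for name, version, reason in flag_suspicious(SAMPLE_LOCKFILE, SAMPLE_REGISTRY_TIME, CUTOFF):
        print(f"REVIEW {name}@{version}: {reason}")
```

Run it against each repository's lockfile during triage, and install with `npm ci --ignore-scripts` until flagged versions are cleared, since install scripts are where a poisoned package normally gets to execute.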

Emerging Signals


How the fight over US datacenters is scrambling this state’s politics: ‘We don’t want it’

Source: The Guardian | Risk: Medium | Impacted: Local governments, datacenter operators, environmental advocates

Summary: Josh Shapiro, Pennsylvania’s governor, squares off with state lawmakers over the facilities powering an AI boom.

Why it matters: Political and regulatory disputes are shaping the future of datacenter expansion and could impact long-term capacity planning for AI and cloud infrastructure, potentially imposing unforeseen operational constraints.

Practitioner Perspective

Disputes over datacenter siting are aligning local stakeholders, environmental concerns, and regulatory momentum in ways that could delay or derail significant AI infrastructure projects. Organizations should anticipate rapid changes in regional cloud availability or requirements and prioritize scenario planning for political risk.

Recommended Actions

  • Partner with local authorities to monitor new zoning or permitting requirements impacting critical datacenter sites
  • Assess backup and migration strategies for infrastructure at political risk of regulatory restriction

Will it take a ‘Chernobyl-scale disaster’ for us to regulate cyber weapons of mass destruction? | Stuart Russell

Source: The Guardian | Risk: High | Impacted: Policymakers, AI developers, defense sector, critical infrastructure

Summary: Unrestrained development of unsafe AI systems is leading to intolerable risks. Stuart Russell is a computer scientist known for his contributions to AI and a new Guardian US columnist. The AI company Anthropic has been making major headlines recently. Its trillion-dollar IPO plan and its blood feud with secretary of defense Pete Hegseth have attracted much attention, but two other

Why it matters: Growing voices in academia and government warn that AI proliferation, if left unchecked, could result in catastrophes analogous to historical nuclear or cyber crises, making regulatory action both urgent and complex.

Practitioner Perspective

Thought leaders in AI governance highlight the parallels between unchecked AI development and prior failures to control weaponizable technology. Security managers must monitor the shifting policy landscape and be prepared for abrupt compliance mandates or best practice overhauls following a major AI-related incident.

Recommended Actions

  • Engage with relevant regulatory frameworks and track pending AI legislation on safety and operational controls
  • Prepare board-level briefings on potential regulatory impacts on AI deployment pipelines

Trump’s DoJ intervenes to back Elon Musk in datacenter pollution lawsuit

Source: The Guardian | Risk: Medium | Impacted: Cloud providers, industrial operations, legal and compliance teams

Summary: Justice department urges judge to throw out suit brought by NAACP over xAI’s methane-gas turbines in Mississippi. The Trump administration is coming to the defense of Elon Musk in a lawsuit over claims that his artificial intelligence company, xAI, is polluting residential neighborhoods in north Mississippi. The justice department told a federal court late on Monday to throw out the

Why it matters: Legal decisions around AI datacenter operations and pollution controls set meaningful precedents for environmental regulation, operational viability, and reputational risk for large AI cloud providers.

Practitioner Perspective

With litigation spotlighting environmental impacts of AI infrastructure, compliance teams should view environmental audits and regulatory engagement as core components of risk assessment for new projects, particularly in sensitive jurisdictions.

Recommended Actions

  • Conduct environmental compliance reviews for new datacenter sites
  • Develop public communication strategies on sustainability and regulatory adherence

SpaceX overtakes Amazon as world’s fifth most valuable company

Source: The Guardian | Risk: Medium | Impacted: Tech investors, AI startup ecosystem, commercial cloud customers

Summary: Value of Elon Musk’s firm at one point rose to $2.97tn days after its IPO following purchase of AI coding startup Cursor. Elon Musk’s SpaceX has overtaken Amazon as the world’s fifth-most valuable company days after its stock market debut. The milestone came as it agreed to buy the startup behind the AI-powered coding app Cursor for $60bn (£44bn), in

Why it matters: SpaceX’s expansion and acquisition of AI companies reflect wider market consolidation and the growing competitive landscape for AI-powered developer tools, influencing procurement and investment decisions globally.

Practitioner Perspective

Large-scale acquisitions such as SpaceX buying Cursor for $60bn signal to practitioners that market dynamics can rapidly alter the AI vendor landscape. Tech teams should stay abreast of such changes as they may affect support, roadmap stability, and licensing terms.

Recommended Actions

  • Monitor vendor roadmaps and SLAs after corporate acquisitions
  • Evaluate long-term support risk when adopting newly acquired AI tools

Exploits & CVEs

No new exploits or CVE-specific entries reported in the last 24 hours.

AI Security


Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

Source: The Hacker News | Risk: High | Impacted: JetBrains IDE users, AI software developers, Organizations using DeepSeek or similar LLM plugins

Summary: Cybersecurity researchers have flagged a “coordinated malware campaign” on the JetBrains Marketplace that has published no less than 15 malicious plugins capable of exfiltrating artificial intelligence (AI) provider keys. “Every plugin poses as an AI coding assistant built on DeepSeek and other large language models, offering chat, commit messages, code review, bug finding, and unit tests,”

Why it matters: Exposed or stolen AI provider API keys can enable data leaks, abuse of expensive AI compute quotas, or targeted attacks against both developers and downstream clients.

Practitioner Perspective

Organizations whose developer teams use JetBrains IDEs face a credible supply chain risk: threat actors are exploiting trust in the official marketplace to distribute malicious ‘AI assistant’ plugins. This mirrors the long-running pattern of malicious browser extensions but targets the IDE, where AI and cloud provider keys routinely sit in plugin settings, environment files and run configurations that any installed plugin can read. The campaign’s focus on AI keys shows the attackers understand both the billable value of those credentials and the secondary access they unlock. Security teams must assume plugin-based credential theft is an enduring risk, not a one-off event. The most important defensive move is to control how and where API keys are stored, injected and monitored across all development tooling.

Recommended Actions

  • Audit all installed JetBrains Marketplace plugins for recent AI tool additions and remove any unvetted or unrecognized ones
  • Rotate every AI provider API key that was configured in, or readable from, an IDE on which one of the malicious plugins was installed
  • Instrument DLP and code review checks for accidental or malicious credential exfiltration by IDE plugins
  • Block JetBrains plugin installation from untrusted sources at the corporate network or managed endpoint layer
  • Monitor for anomalous accesses or billing spikes from AI provider accounts associated with developer keys
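Added example for the plugin audit above; it is not JetBrains tooling. It reads the standard plugin descriptor (META-INF/plugin.xml inside a plugin's jar, carrying the <id>, <name> and <vendor> elements) from every jar under a plugins directory and reports plugins whose vendor is not on an allow-list. The two sample plugins are constructed in a temporary directory, and the allow-list is a placeholder.

```python
"""Inventory the JetBrains plugins installed under a plugins directory and flag
those whose vendor is not on an allow-list.

Added example for this briefing, not JetBrains tooling. It relies on the
standard plugin descriptor: META-INF/plugin.xml inside the plugin jar, with
<id>, <name> and <vendor> elements. The sample plugins are constructed in a
temporary directory and the allow-list is a placeholder.
"""
import os
import tempfile
import zipfile
import xml.etree.ElementTree as ET

ALLOWED_VENDORS = {"JetBrains"}  # placeholder; extend with vendors you have vetted


def read_descriptor(jar_path):
    """Return (id, name, vendor) from META-INF/plugin.xml, or None if the jar
    carries no descriptor (library jars bundled with a plugin do not)."""
    with zipfile.ZipFile(jar_path) as jar:
        if "META-INF/plugin.xml" not in jar.namelist():
            return None
        root = ET.fromstring(jar.read("META-INF/plugin.xml"))

    def text(tag):
        el = root.find(tag)
        return (el.text or "").strip() if el is not None else ""

    return text("id"), text("name"), text("vendor")


def inventory(plugins_dir):
    """Every plugin descriptor found under plugins_dir, sorted by plugin id."""
    found = []
    for dirpath, _, files in os.walk(plugins_dir):
        for fn in files:
            if fn.endswith(".jar"):
                desc = read_descriptor(os.path.join(dirpath, fn))
                if desc:
                    found.append(desc)
    return sorted(found)


def unvetted(plugins_dir, allowed=ALLOWED_VENDORS):
    """Plugins whose vendor is not on the allow-list (a blank vendor counts too)."""
    return [d for d in inventory(plugins_dir) if d[2] not in allowed]


def make_sample_plugins(base):
    """Constructed sample: one JetBrains plugin and one 'AI assistant' from an
    unknown vendor, each laid out as <plugin>/lib/<plugin>.jar with a descriptor."""
    specs = [
        ("Kotlin", "org.jetbrains.kotlin", "Kotlin", "JetBrains"),
        ("AICodeBuddy", "com.example.aibuddy", "AI Code Buddy", "example-dev"),
    ]
    for folder, pid, name, vendor in specs:
        lib = os.path.join(base, folder, "lib")
        os.makedirs(lib)
        descriptor = (f"<idea-plugin><id>{pid}</id><name>{name}</name>"
                      f"<vendor>{vendor}</vendor></idea-plugin>")
        with zipfile.ZipFile(os.path.join(lib, f"{folder}.jar"), "w") as jar:
            jar.writestr("META-INF/plugin.xml", descriptor)


def demo():
    """Build the constructed sample and return the plugins that need review."""
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_plugins(tmp)
        return unvetted(tmp)


if __name__ == "__main__":
    for pid, name, vendor in demo():
        print(f"REVIEW {name} ({pid}) from vendor {vendor!r}")
```

Point `unvetted()` at each installed product's plugins directory (JetBrains documents the per-product location under the IDE's configuration directory; on Linux it is typically ~/.local/share/JetBrains/<Product><Version>) from your endpoint management tooling, and treat any hit, plus any plugin whose id is not in your approved list, as a removal-and-rotation event.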

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

Source: The Hacker News | Risk: High | Impacted: Organizations using Google Vertex AI SDK for Python, ML engineering teams with public or poorly scoped GCP storage buckets, DevOps teams automating model pipelines on GCP

Summary: A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim’s project hijack the victim’s machine learning model upload and run code inside Google’s serving infrastructure. Palo Alto Networks Unit 42, which found and reported the bug through Google’s bug bounty program, calls the technique “Pickle in the Middle” and said

Why it matters: Bucket squatting against a cloud ML workflow lets an attacker with no access to the victim’s project intercept the model upload, turning an artifact-handling flaw into code execution on the serving side and a path to whatever data that infrastructure can reach.

Practitioner Perspective

The Vertex AI SDK for Python contained a logic flaw that let an attacker claim a storage bucket name ahead of the victim’s model upload, so that artifacts bound for Google’s infrastructure passed through attacker-controlled storage. This class of supply chain attack is especially insidious because it exploits assumptions baked into automation and the implicit trust placed in cloud-native data paths. Cloud SDKs act with the caller’s privileges and touch several blast radii at once (the developer’s project, the storage layer and the serving environment), so treat them as privileged components. Monitoring for storage takeovers and access anomalies is now core cloud security hygiene. At minimum, review every workflow that derives a bucket or object name from predictable inputs and claims it on first use.

Recommended Actions

  • Deploy the fixed version of Google Vertex AI SDK for Python to all affected workflows
  • Inventory and verify the ownership and naming of GCP storage buckets used for model artifact transfer
  • Enable GCP audit logs for all bucket and object creation events in Vertex AI-related projects
  • Run retrospective reviews for unexplained code executions or file uploads associated with Vertex AI model runs
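The page does not give the details of Google's fix, so as an added example (not Google's patch and not a reproduction of Unit 42's technique) here are two checks a model pipeline can enforce on its own side so that an artifact swapped between upload and load does not become code execution: pin the artifact's SHA-256 at upload time and verify it before loading, and deserialise pickles only through an unpickler that refuses any global outside an allow-list. Both artifacts are constructed; the tampered pickle only calls os.getcwd so the demonstration is harmless.

```python
"""Two checks a model pipeline can enforce so that an artifact swapped between
upload and load does not become code execution: pin the artifact's SHA-256 at
upload time and verify it before loading, and unpickle only through an
allow-list of globals.

Added example for this briefing; not Google's fix and not a reproduction of
Unit 42's technique. Both artifacts are constructed, and the tampered pickle
only calls os.getcwd so the demonstration is harmless.
"""
import hashlib
import hmac
import io
import os
import pickle

# Globals a weights-only artifact legitimately needs; extend deliberately.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse any global (class or callable) outside ALLOWED_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to load global {module}.{name}")


def safe_loads(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def fingerprint(data):
    return hashlib.sha256(data).hexdigest()


def load_verified(data, expected_sha256):
    """Verify the digest recorded at upload time, then load with the restricted unpickler."""
    if not hmac.compare_digest(fingerprint(data), expected_sha256):
        raise ValueError("artifact digest mismatch: artifact was altered after upload")
    return safe_loads(data)


class _Tampered:
    """Stand-in for a hostile artifact: unpickling it calls a function.
    A real attacker would pick something other than os.getcwd."""

    def __reduce__(self):
        return (os.getcwd, ())


# Constructed artifacts: what the pipeline uploaded, and a substituted one.
BENIGN_ARTIFACT = pickle.dumps({"weights": [0.1, 0.2, 0.3], "labels": ["cat", "dog"]})
PINNED_DIGEST = fingerprint(BENIGN_ARTIFACT)  # recorded alongside the upload
TAMPERED_ARTIFACT = pickle.dumps(_Tampered())


def default_loader_executes_code():
    """Plain pickle.loads runs os.getcwd during deserialisation and returns its result."""
    return pickle.loads(TAMPERED_ARTIFACT) == os.getcwd()


def tampered_artifact_outcome():
    """Which check stops the substituted artifact when both are in place."""
    try:
        load_verified(TAMPERED_ARTIFACT, PINNED_DIGEST)
    except ValueError:
        return "rejected by digest check"
    except pickle.UnpicklingError:
        return "rejected by restricted unpickler"
    return "loaded"


def restricted_loader_refuses():
    """Even without the digest, the restricted unpickler refuses the callable."""
    try:
        safe_loads(TAMPERED_ARTIFACT)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    print(load_verified(BENIGN_ARTIFACT, PINNED_DIGEST))
    print("default loader ran code:", default_loader_executes_code())
    print("tampered artifact:", tampered_artifact_outcome())
    print("restricted loader refuses:", restricted_loader_refuses())
```

The digest check catches substitution anywhere between upload and load; the restricted unpickler limits what a substituted pickle can do if the digest check is missing or bypassed, because a pickle can invoke any importable callable while it is being loaded. Neither makes pickle safe for untrusted input; where the serving stack allows it, store weights in a format that carries no executable payload.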

Malicious JetBrains Marketplace plugins steal AI API keys from developers

Source: BleepingComputer | Risk: High | Impacted: JetBrains IDE environments, Engineering teams using AI chat or coding tools, DevOps pipelines with plugin integrations

Summary: At least 15 malicious plugins found on the JetBrains Marketplace were designed to steal AI API keys from developers.

Why it matters: Organizations risk inadvertent compromise of proprietary source code and sensitive AI keys embedded in development workflows, resulting in loss of IP or downstream breaches.

Practitioner Perspective

The JetBrains Marketplace continues to be targeted by threat actors harvesting API credentials from developers under the guise of productivity tooling. Where plugin installation is insufficiently controlled, an attacker who lands a plugin gets not only API keys but visibility into in-development code and pipeline secrets. The repeated abuse of this channel means defenders must treat plugin vetting as a core software supply chain control. Prevention plus rapid credential revocation is the minimum bar for risk reduction in these environments. Scrutinize plugin provenance as closely as you scrutinize public package dependencies.

Recommended Actions

  • Ban installation of AI assistant plugins not published by verified, trusted vendors in JetBrains environments
  • Run credential scanning tooling on all developer endpoints and source repositories for exposed AI API keys
  • Configure JetBrains IDE policies to restrict or log plugin installation attempts enterprise-wide
  • Proactively rotate AI API keys in response to any detection of suspicious plugin activity
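Added example for the credential-scanning action above (it also serves the key-rotation steps in the earlier JetBrains item); it is not a product. The scanner looks through file contents for strings shaped like AI provider API keys and reports them redacted, so the output can go straight into a rotation ticket. The patterns approximate publicly documented key prefixes (Anthropic "sk-ant-", Google "AIza", and a generic "sk-" form shared by OpenAI and other providers) and should be treated as assumptions to tune; the sample files and the keys in them are constructed fakes.

```python
"""Scan text (shell history, IDE settings, env files, source) for strings shaped
like AI provider API keys and report them redacted.

Added example for this briefing, not a product. The patterns approximate the
publicly documented key prefixes (Anthropic "sk-ant-", Google "AIza", plus a
generic "sk-" form shared by OpenAI and other providers); treat them as
assumptions to tune. The sample files and keys below are constructed fakes.
"""
import re

# Ordered: the specific "sk-ant-" form is tried before the generic "sk-" form,
# and the generic form excludes "sk-ant-" so a key is reported once.
KEY_PATTERNS = [
    ("anthropic", re.compile(r"\bsk-ant-[A-Za-z0-9_-]{20,}")),
    ("google", re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b")),
    ("openai_or_sk", re.compile(r"\bsk-(?!ant-)[A-Za-z0-9_-]{20,}")),
]

# Constructed sample of files an endpoint scan would read; every key is fake.
SAMPLE_FILES = {
    "~/.zsh_history":
        "export OPENAI_API_KEY=sk-proj-ab12cd34ef56gh78ij90klmnopqrstuv\n",
    "~/.config/JetBrains/IntelliJIdea2025.1/options/other.xml":
        '<option name="apiKey" value="sk-ant-api03-ABCDEFGHIJKLMNOPQRSTUVWXYZabcdef" />\n',
    "src/config.py":
        'GOOGLE_KEY = "AIzaSy' + "B" * 33 + '"\nTIMEOUT = 30\n',
}


def redact(secret):
    """Keep just enough of the key to identify it in a rotation ticket."""
    return secret[:6] + "..." + secret[-4:]


def scan_text(text, source="<inline>"):
    """Return one finding per key-shaped string, with the key redacted."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for provider, pattern in KEY_PATTERNS:
            for match in pattern.finditer(line):
                findings.append({
                    "source": source,
                    "line": lineno,
                    "provider": provider,
                    "key": redact(match.group(0)),
                })
    return findings


def scan_all(files):
    """files: {path: contents}. Feed it from os.walk() + open() on a real endpoint."""
    findings = []
    for path, contents in files.items():
        findings.extend(scan_text(contents, path))
    return findings


if __name__ == "__main__":
    for f in scan_all(SAMPLE_FILES):
        print(f"{f['source']}:{f['line']} {f['provider']} {f['key']}")
```

Run it over developer home directories (shell history, IDE option files, .env files) and over repository history, not only the working tree; a key that has been committed once is exposed regardless of whether it was later removed, and every hit should be rotated rather than merely deleted.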

The curious case of Elias Thorne – and what he tells us about AI inbreeding | Arwa Mahdawi

Source: The Guardian | Risk: Medium | Impacted: AI platform developers, content integrity teams, AI risk auditors

Summary: A character bearing that name appears in a remarkable number of chatbot-generated stories. He could be a messenger from the future – or a warning that generative AI is in danger of ‘model collapse’. Ever heard of a shadowy figure called Elias Thorne? If you haven’t, try asking an AI chatbot to tell you a story. In recent months, tech

Why it matters: Recurring patterns in generative AI outputs can be a signal of underlying data contamination or model drift, with implications for both system trustworthiness and user safety.

Practitioner Perspective

Analyses of repeated names or themes in model output are essential for auditing generative AI systems for risks of inbreeding, overfitting, or convergence on unhelpful artifacts. Teams deploying LLMs at scale should establish regular content reviews to surface these risks for prompt remediation.

Recommended Actions

  • Conduct systematic reviews of model outputs for unexpected anomalies or repetition
  • Update training datasets and retrain models to correct established drift or data artifacts
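Added example for the output-review action above (constructed sample outputs, a placeholder threshold, and a capitalised-bigram heuristic standing in for real named-entity recognition; not the columnist's or any vendor's tooling): it counts in how many independently generated stories each two-word name appears and reports the names that recur in a large share of them, which is the kind of artifact the column describes.

```python
"""Flag names that recur across independently generated stories far more often
than a single prompt would explain.

Added example for this briefing (not the columnist's or any vendor's tooling):
the sample outputs are constructed, the threshold is a placeholder, and the
name extraction is a capitalised-bigram heuristic, not real named-entity
recognition.
"""
import re
from collections import Counter

# Constructed sample: six story openings, as if sampled from a chatbot with
# unrelated prompts.
SAMPLE_OUTPUTS = [
    "Elias Thorne stepped off the train at midnight, clutching a letter.",
    "The lighthouse keeper, Elias Thorne, had not spoken in years.",
    "Maria Lopez opened the bakery before dawn, as she always did.",
    "Elias Thorne, the detective, stared at the map of the flooded town.",
    "A boy named Tom found a coin in the river.",
    "Elias Thorne wrote his last entry in the logbook.",
]

# Two capitalised words in a row; crude, but enough to surface a recurring name.
NAME = re.compile(r"\b([A-Z][a-z]+ [A-Z][a-z]+)\b")


def names_in(text):
    """Distinct candidate names in one output (a name counts once per output)."""
    return set(NAME.findall(text))


def recurring_names(outputs, min_share=0.5):
    """Return [(name, share_of_outputs)] for names present in at least
    min_share of the outputs, most frequent first."""
    total = len(outputs)
    counts = Counter()
    for out in outputs:
        counts.update(names_in(out))
    hits = [(name, round(c / total, 2)) for name, c in counts.items() if c / total >= min_share]
    return sorted(hits, key=lambda pair: (-pair[1], pair[0]))


if __name__ == "__main__":
    for name, share in recurring_names(SAMPLE_OUTPUTS):
        print(f"{name}: appears in {share:.0%} of outputs")
```

Sample with varied prompts and temperatures so that recurrence cannot be explained by the prompt, and track the shares over time: a name that climbs across model versions is a stronger signal than a single snapshot.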

France to ditch Palantir’s AI data tools in favour of domestic provider

Source: The Guardian | Risk: Medium | Impacted: EU-based government agencies, Enterprises handling regulated data sets in AI platforms, Global organizations using Palantir

Summary: Move to ChapsVision is to avoid ‘strategic dependencies’, says PM amid concern about reliance on US-controlled tools. France’s domestic intelligence service is to ditch AI data tools from the US tech company Palantir in favour of a domestic provider in an effort to avoid “strategic dependency”, the prime minister, Sébastien Lecornu, has said. “We must use our own AI models;”

Why it matters: Strategic dependency on foreign AI providers introduces long-term risk of supply chain disruption, regulatory exposure, or unauthorized data access under extraterritorial laws.

Practitioner Perspective

France’s move to replace Palantir AI tools with a domestic provider is a direct response to geopolitical and compliance concerns about cross-border AI data handling. Organizations operating in regulated sectors or with multi-jurisdictional exposure should treat AI platform sourcing as a live supply chain risk: access to sensitive data is shaped not just by technical design but by shifting political landscapes. The operational takeaway is clear: single-vendor AI reliance could be forcibly disrupted or legally constrained with little notice. Immediately surface and assess all critical dependencies on US-based AI vendors to quantify business continuity risk.

Recommended Actions

  • Inventory all AI data processing workflows reliant on Palantir products or US-hosted AI infrastructure
  • Assess regulatory and continuity exposure posed by third-party AI platforms governed by foreign law
  • Prepare contingency plans for rapid migration to local AI/ML providers in the case of mandated vendor switching

What We’re Watching

  • The resilience of supply chain controls as open-source ecosystems and vendor marketplaces see new waves of targeted compromise
  • Cloud provider response to SDK-flaw exploitation and lessons learned for AI model artifact security
  • Ongoing legal and regulatory developments influencing AI infrastructure, datacenter placement, and cross-border vendor dependencies
  • Behavioral anomalies in generative AI outputs and their implications for content safety and model robustness
  • Business and operational risks arising from rapid vendor consolidation and geopolitical shifts in AI tooling


Categories: Artificial Intelligence, Cybersecurity Blog
