Miasma Worm: Exploitation of AI Coding Agents and Microsoft Azure Infrastructure
The Miasma Worm, deployed by the Shai-Hulud threat cluster, leverages a configuration-based supply chain vector targeting AI coding agents including Cursor, Claude Code, and Gemini CLI. By embedding malicious instructions in configuration files such as .cursor/rules/setup.mdc and .claude/settings.json, the worm achieves auto-execution upon repository cloning, bypassing traditional dependency-based security triggers. On June 5, 2026, the campaign compromised Microsoft’s durabletask repository, triggering the automated disabling of 73 repositories and a global disruption of the Azure Functions deployment action. The attack focused on the automated harvesting of cloud keys, GitHub tokens, and AI provider API keys by exploiting intended agent functionality.