> The credential-stealing function in the Miasma worm infecting the Microsoft packages was triggered as soon as a developer opened it in AI agents, including Claude Code, Gemini CLI, Cursor, and VS Code. Follow-on attacks are likely to occur in the highly feasible event that credentials were successfully harvested from machines that opened the packages in one of the affected AI agents.
It's really crazy that the most valuable companies in the world are suddenly allowing or even encouraging their employees to run programs whose entire functionality is undefined behavior right on their work computers, with access to important credentials and proprietary source code.
I think we’ll witness the birth of the single-credential virtual desktop shortly. Remote VSCode in a very constrained environment - with access only for inbound connections from the desktop/thin client, source control, and trusted package repos.
And all serious credentials ephemeral and single-use.
> The credential-stealing function in the Miasma worm infecting the Microsoft packages was triggered as soon as a developer opened it in AI agents, including Claude Code, Gemini CLI, Cursor, and VS Code. Follow-on attacks are likely to occur in the highly feasible event that credentials were successfully harvested from machines that opened the packages in one of the affected AI agents.
It's really crazy that the most valuable companies in the world are suddenly allowing or even encouraging their employees to run programs whose entire functionality is undefined behavior right on their work computers, with access to important credentials and proprietary source code.
I think we’ll witness the birth of the single-credential virtual desktop shortly. Remote VSCode in a very constrained environment - with access only for inbound connections from the desktop/thin client, source control, and trusted package repos.
And all serious credentials ephemeral and single-use.
This is why we can’t have nice things.
That’s just lovely.