Microsoft has temporarily removed many of its open source projects from GitHub after discovering potentially malicious code in repositories used by developers, including those working with artificial intelligence coding tools.
The company confirmed that it took the repositories offline while investigating reports that hackers had gotten hold of the projects and inserted malware capable of stealing passwords and other important and sensitive credentials.
Many of the affected repositories were linked to Microsoft Azure and developer tools commonly used with AI coding applications such as Claude Code, Gemini CLI and Visual Studio Code, according to a report by TechCrunch.
The issue was first flagged by security firm Cloudsmith and malware analysis community OpenSourceMalware. It seems that the malicious code could collect passwords and other credentials when affected repositories were opened within certain AI-assisted development environments.
Microsoft spokesperson Ben Hope confirmed that the company had temporarily removed some repositories as a part of its investigation into possible malicious content.
“Some of these repos have been restored after review, while others may remain offline while work continues,” Hope said in a statement provided to TechCrunch.
The company also said that it had contacted a small number of customers who may have downloaded content from the affected repositories. Microsoft said it would continue its investigation and, if necessary, reach out directly to more customers who had downloaded that content.
Microsoft has not disclosed how many users may have been affected. It is also unclear how many people downloaded the compromised tools before the repositories were disabled.
GitHub pages associated with the affected projects displayed notices stating that access had been disabled because of a violation of the platform’s terms of service. TechCrunch reported that at least 70 Microsoft-owned projects appeared to have been disabled during the response effort.
The incident highlights the growing threat posed by software supply-chain attacks, in which attackers target trusted software projects to distribute malicious code. Such attacks can potentially affect large numbers of developers and organizations that rely on widely used open-source tools.
This latest incident follows another security incident involving a Microsoft open-source project reported in May. According to TechCrunch, security researchers cited by Ars Technica said Microsoft’s Durable Task project had previously been compromised. OpenSourceMalware suggested the newly discovered activity may be related, though Microsoft has not yet publicly confirmed any connection between the two incidents.
Microsoft said its investigation remains ongoing.

