Malicious npm packages leveraged Claude, Gemini, and Amazon Q to hunt for sensitive files, impacting over 1,700 users
A sophisticated supply chain attack targeting the popular Nx development framework has exposed thousands of corporate secrets by weaponizing AI-powered command-line tools to automatically identify and steal sensitive files from infected systems.
Security researchers at Wiz discovered that attackers compromised npm publishing tokens for Nx packages through a vulnerable GitHub Action, then distributed malicious versions across multiple Nx packages. The attack ultimately leaked over 2,000 verified secrets from more than 1,700 users, with an additional 20,000 files extracted across 250 cases.
"This was the first indication many organizations received of being compromised," Wiz reported after directly notifying over 50 major affected companies through their incident response efforts.
AI-Enhanced Attack Methods

What sets this attack apart is its use of AI command-line interfaces. The malware checked for a locally installed Claude, Google Gemini, or Amazon Q CLI and, where it found one, prompted that tool to search the filesystem for sensitive files such as API keys, cryptocurrency wallet data, and configuration files, rather than relying on a hard-coded list of paths.
The attackers refined their AI prompts throughout the campaign, evolving from basic file searches to sophisticated "penetration testing agent" personas designed to bypass AI safety guardrails.
[Image: AI prompts]
Three-Phase Attack Strategy
The attack unfolded across three distinct phases: initial secret exfiltration to public "s1ngularity-repository" GitHub repos, abuse of stolen GitHub tokens to expose 6,700 private repositories from 480 compromised accounts, and a final phase targeting a single organization with over 500 leaked repositories.
Despite GitHub's intervention, significant risks remain. Nearly 40% of leaked npm tokens and 5% of GitHub tokens remained valid days after the initial discovery, creating opportunities for follow-on attacks.
Organizations should immediately audit their GitHub logs for "s1ngularity" strings in repository events and revoke any exposed credentials. The incident highlights the growing sophistication of supply chain attacks and the emerging threat of AI-augmented malware in enterprise environments.
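The audit step above, as an added example that is not part of the original article or of Wiz's or the Nx project's tooling: a small scanner that reads a GitHub audit-log export (one JSON event per line), keeps repository events (actions beginning with `repo.`) whose fields contain the `s1ngularity` marker, and lists the actors whose credentials should be revoked. The sample events are constructed, and the field names (`action`, `actor`, `repo`, `old_name`, `created_at`) are assumptions about the export format; adapt them to what your export actually contains.

```python
"""Scan a GitHub audit-log export for the "s1ngularity" marker (added example)."""
import json

# Constructed sample in the shape of a GitHub audit-log JSON export, one event
# per line. Field names, repo names and actors are assumptions for this example.
SAMPLE_AUDIT_LOG = """\
{"action": "repo.create", "actor": "alice", "repo": "acme/s1ngularity-repository", "created_at": "2025-08-27T01:12:03Z"}
{"action": "repo.create", "actor": "alice", "repo": "acme/s1ngularity-repository-0", "created_at": "2025-08-27T01:12:09Z"}
{"action": "repo.create", "actor": "carol", "repo": "acme/new-service", "created_at": "2025-08-27T02:00:00Z"}
{"action": "repo.rename", "actor": "bob", "repo": "acme/internal-billing-s1ngularity", "old_name": "acme/internal-billing", "created_at": "2025-08-28T10:41:55Z"}
{"action": "org.add_member", "actor": "dave", "user": "erin", "created_at": "2025-08-28T11:00:00Z"}
this line is not JSON and must be skipped rather than abort the scan
"""

MARKER = "s1ngularity"


def parse_audit_log(text: str) -> list[dict]:
    """Parse JSON-lines audit events; malformed lines are skipped, not fatal."""
    events = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            events.append(json.loads(raw))
        except json.JSONDecodeError:
            continue  # a bad line must not hide real hits further down
    return events


def event_mentions_marker(event: dict, marker: str = MARKER) -> bool:
    """True if any string field contains the marker (case-insensitive).

    Every field is checked, not only `repo`, so a rename event whose new or
    old name carries the marker is caught too.
    """
    m = marker.lower()
    return any(isinstance(v, str) and m in v.lower() for v in event.values())


def find_s1ngularity_events(events: list[dict], marker: str = MARKER) -> list[dict]:
    """Repository events (action starts with 'repo.') that mention the marker."""
    return [
        e for e in events
        if str(e.get("action", "")).startswith("repo.") and event_mentions_marker(e, marker)
    ]


def actors_to_revoke(hits: list[dict]) -> list[str]:
    """Distinct actors behind the hits: their tokens were used by the attacker."""
    return sorted({e["actor"] for e in hits if "actor" in e})


def count_by_action(hits: list[dict]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for e in hits:
        counts[e["action"]] = counts.get(e["action"], 0) + 1
    return counts


def scan(text: str = SAMPLE_AUDIT_LOG) -> dict:
    hits = find_s1ngularity_events(parse_audit_log(text))
    return {"hits": hits, "actors": actors_to_revoke(hits), "by_action": count_by_action(hits)}


if __name__ == "__main__":
    result = scan()
    for e in result["hits"]:
        print(f'{e.get("created_at")}  {e["action"]:<12} {e["actor"]:<8} {e.get("repo")}')
    print("revoke credentials for:", ", ".join(result["actors"]))
```

Run it against a real export by passing the file contents to `scan()`. Matching on every string field is deliberate: the first phase created repositories named with the marker, while the later phase renamed existing private repositories, so a scan that only looks at `repo.create` events would miss the second wave.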