Reading up on StepSecurity
1 deep · digging since mar 06
- A GitHub Issue Title Compromised 4,000 Developer Machines
A prompt injection in a GitHub issue title tricked an AI triage bot into executing code, enabling cache poisoning, credential theft, and publication of a compromised Cline npm package that silently installed the OpenClaw AI agent on 4,000 developer machines.