csoonline.com

Attack targeting OpenAI Codex users exposes AI software supply chain risks (opens in new tab)

Covers Legitimate-Looking Codex Remote UI Secretly Steals Your AI TokensCovered by infoworld.com

A malicious npm package posing as a remote user interface for OpenAI Codex exfiltrated developer authentication tokens, after attackers allegedly published code to npm that was not visible in the project’s public GitHub repository. Researchers at Aikido said the package, called codexui-android, appeared to offer legitimate functionality while collecting authentication tokens and sending them to an external server. “AI developer tooling is becoming a high-value target precisely because the tok...

Read the original article
Sign in to keep reading the full article.
Sign UpLog In

Covered in 2 articles

infoworld.com·

OpenAI fixed a visibility problem; the governance problem remains.

Feeds
infoworld.com·

Attack targeting OpenAI Codex users exposes AI software supply chain risks

Feeds

Keyboard Shortcuts

Navigation

Next / previous post
j/k
Open post
oorEnter
Preview post
v

Post Actions

Love post
a
Like post
l
Dislike post
d
Undo reaction
u
Save / unsave
s

Recommendations

Add interest / feed
Enter
Not interested
x

Go to

Home
gh
Interests
gi
Feeds
gf
Likes
gl
History
gy
Changelog
gc
Settings
gs
Discover
gb
Search
/

General

Show this help
?
Submit feedback
!
Close modal / unfocus
Esc

Press ? anytime to show this help