How Github was hacked

To understand that first we need to trace the sequence of events before it’d happened. And, God, there were MANY:

  1. On the span of entire 2025 Anthropic’s Claude delivered tons of features and became de-facto the leader in the AI coding race
  2. Flood of security AI reports hitting Linux Kernel at the end of 2025 – beginning of 2026
  3. February 2, 2026: Dependabot service failed to create 10% of automated pull requests due to a database cluster failover.
  4. February 9, 2026: Major core service disruptions included in platform resilience reviews.
  5. March 19–20, 2026: Copilot Coding Agent service dropped out entirely due to a system authentication credential issue, leading to a 99% error rate.
  6. April 27, 2026: Elasticsearch subsystem overloaded (suspected botnet attack), causing code search, pull requests, and issues to return zero results.
  7. Apr 29: Linux Kernel was officially hacked (infamous the “Copy Fail” vulnerability aka CVE-2026-31431). Non-official way earlier.
  8. May 5–6, 2026: Multiple sequential incidents affecting GitHub Actions runners and Copilot Cloud Agent sessions.
  9. 17 May: Linus overwhelmed with the AI flood
  10. May 18: Boom! Github admitted it was hacked
  11. May 19, 2026: GitHub Copilot api requests failed at a peak rate of 13%, degrading completions and chat.
  12. May 20, 2026: GitHub Actions experienced significant start delays, impacting 4.5% of overall runs.
  13. May 23, 2026: Intermittent errors specifically involving application installation token authentication.
  14. May 26, 2026: GitHub Actions runs completely degraded; new runs failed to start for over an hour.
  15. New chapter here where open source projects restricting AI contributions (A Denial stage has started). You know where it’s going… (…->Anger->Bargaining->Depression->Acceptance->..?).

Coincidence?

Outages stopped only after May 26. Looks like the hackers were trying different approaches since at least February or actively pulling the data from the servers. And while the Github CyberSecs were hunting them they were able to penetrate the system and by the time the attack vector was finally detected it had passed at least a week since the hack was admitted by Github. God knows what amount of information was leaked by the end of the attack. One counted >3800 private repos were stolen. Given that it was a root access presumably some private keys were leaked as well and other sensitive information the consequences of what we’re about to see very soon. Nevertheless the hacker gave a hard time to the InfoSec team for sure.

Why the VS Code extension leak doesn’t sustain any critics?

Official root cause saying:

One of our developers was compromised by a recent supply-chain compromise on Tanstack, which leaked their GitHub credentials through the GitHub CLI (gh). This allowed the attacker to run workflows on our GitHub repository as a contributor.

And why it didn’t happen:
  1. Usually the security is hardened the way contributors don’t have a direct access to production environments. They are working in they dev sandboxes. Then pass the code to the downstream pipeline where it’s handled by different teams processes eliminating the secrets exposure.
  2. Leak prevention and anti-malware software that runs on the market place server and on the developer infrastructure don’t let you leak arbitrary sensitive data
  3. The scripts that landed may not much the architecture or environment on the target machine or have enough permissions to be executed
  4. Doesn’t the VS Code market place has a sanitization check or a security scanner for the packages?

These are all valid questions to answer. Usually the most simple explanations is the most feasible.

There are 2 ways that seemingly simple to achieve:
  1. SSH was hacked directly because you can just connect to [email protected] with your ssh client and then patch the kernel from there. Looks like this hole they’ve already hardened by removing the direct shell access by now.
  2. API was hacked with reverse engineering technique (IDA MCP plugin)? God bless Claude Code!

One can reverse engineer binaries of the Enterprise version of Github (GHES) then try the same attack vector on the public Github. Pretty neat, isn’t it? 🤙🏻

Kernel’s git history

An AI agent can easily navigate a history of changes in a repo and find vulnerabilities in the code.

Commit number 72548b0 is to blame since Aug 9, 2017. Which wasn’t verified BTW (talking about the kernel contribution process).

Organised crime or just hacker kids?

Yet another question to be answered.

So-called TeamPCP behind the attack. No names, no traces so far and so much conviction that modern kids just don’t have.

State-sponsored attacks? Can be possible with all political instabilities in the world and the AI race.

Corporations? Also possible then should be a financial trace to be uncovered very soon. There is also a motivation to the “Rewrite everything in Rust” movement. Well… again, it’s not going to help.

Conclusion

AI work both ways:

  1. Generate x1000 more slop on top of a normal developer is already doing
  2. Helps to find vulnerabilities and eventually exploit them
What to do and where it’s going?

What is not an option?

  1. Adding more restrictive policies on the way of training of LLM models similar to censorship.
    • Probably will see some half-baked solutions here which will eventually are not going to work.
  2. Deny the progress and restrict AI contributions to open source projects.
    • Well… see the close #14
Conspiracy theory

It may look like that. Seems to much effort was taken to bring down the service and hit the headlines. So much conviction for no profit from this? Very, very suspicious.

Who’s profiting from the attacks and What’s behind the Rust movement? The same greedy corporations?

Yes, C/C++ is not safe with all the UBs and unsafe memory management. One also can say it’s a skill issue and will be right as well. Another way is evolving the compiler so it becomes more safe without sacrificing portability (it’s where C++ is going). But as we all know delays on the road of the technical progress are not tolerated well. Many companies paid a bad tall for that and even didn’t survive (SGI, Sun Microsystems etc.). The only alternative (cough… not perfect) left is Rust. Looks like a prophecy and Rust is our savior. I can’t believe that humanity is here again! Another turn of the spiral has begun: the “Rewrite everything in Rust” movement. Insane, just insanity.

Let’s think a step forward. It’s achievable but would it save the day?

The Bun project has already converted their codebase in Rust with using Claude Code and it looks promising. The time will tell how this experiment is going to end up.

I certainly know that no software is safe and 100% secure and sooner or later it’ll be hacked with a help of LLM or not. That’s the reality check. We can see it now more than ever. The only BIG change now is AI agents joined the cyber forces and there is no step backward already. The pace of attacks has exponentially increased. Human mind cannot comprehend what monster we’ve released because the combinatoric scale of an AI agent is magnitudes higher than a single human or even a big group of people and looks like we’ve already lost control of it.

But again said that what should we do with it? Keep updating our devices/servers every second and pray that our lives are completely safe? Can corporations protect our privacy in full? Go live in the forest and deny the progress? Is this vicious circle going ever end? Doesn’t look too bright, does it? Can quantum computers become a safe heaven for some time? Will the software completely change the shape or disappear as a class? Hardly one can tell. I think the answer lies not in the technical solution here or more in the cultural shift that’s required here.

Let the Force Be With You!

And, As usual, Your VR

Join Me

romanov

, , , , ,
, , ,