GitHub has taken the unprecedented step of disabling 73 repositories belonging to Microsoft after a malicious commit was detected in the Azure/durabletask repository on June 5, 2026. The commit was pushed through a compromised AI-powered coding environment known as "Miasma," sending shockwaves through the developer community and raising urgent questions about the security of AI-assisted development workflows.
The disabled repositories span four critical Microsoft organizations on GitHub: Azure, Microsoft, Azure-Samples, and MicrosoftDocs. The attack, which experts are calling one of the most significant supply chain threats since the SolarWinds incident, appears to have originated from a vulnerability in the Miasma editor—an AI workspace that integrates with GitHub to automate code generation and repository management.
The Miasma Attack: What We Know So Far
According to early reports, the malicious commit was injected into the Azure/durabletask repository, a key component of Azure Functions that handles long-running workflows. The durabletask project is a foundational library used by thousands of enterprise developers to build reliable serverless applications. From there, the malicious code could have propagated through dependent projects and internal build pipelines.
Miasma, the AI editor at the center of the breach, is designed to assist developers by generating code, managing pull requests, and automating routine tasks within an integrated development environment. Unconfirmed details suggest that the attacker exploited a flaw in Miasma's plugin architecture or its OAuth token handling, allowing unauthorized push access to repositories where the editor was connected. While GitHub has not yet released a full technical post-mortem, the sheer number of disabled repos indicates that the damage could have been widespread if left unchecked.
The repositories affected include not only the core durabletask library but also numerous Azure-Samples and MicrosoftDocs repositories. These often contain boilerplate code, tutorials, and documentation that developers incorporate into their own projects. A malicious commit in any of these could serve as a stepping stone for further supply chain attacks, potentially compromising hundreds of downstream applications.
GitHub's Rapid Response
GitHub's security team moved quickly once the anomaly was detected. By June 5, all 73 repositories had been disabled—meaning public access was blocked, and no further commits or pull requests could be made. This decisive action, while necessary to contain the threat, left many open-source contributors and internal Microsoft teams unable to access critical codebases.
In a brief statement, GitHub confirmed that it was investigating a "security event involving unauthorized access to a set of repositories," but declined to provide specifics. The company has activated its incident response protocols and is working with Microsoft's security team to audit the full scope of the compromise.
What Is Azure/durabletask and Why Does It Matter?
Azure/durabletask is the open-source foundation of Durable Functions, an extension of Azure Functions that enables stateful workflows in a serverless environment. It allows developers to write complex orchestrations using simple imperative code, handling checkpoints, restarts, and external events automatically. The library is widely adopted in enterprise scenarios, from order processing systems to financial transaction pipelines.
A compromise in this repository could allow an attacker to inject malicious logic that executes in thousands of Azure Functions instances. Such an attack might exfiltrate data, manipulate business logic, or create backdoors for future exploitation. The fact that the durabletask library is often used as a dependency in other Microsoft SDKs amplifies the risk dramatically.
Beyond Azure/durabletask, the disabled repos included Azure-Samples, which hosts hundreds of code examples used by developers to learn Azure services. A malicious sample could trick developers into copying vulnerable patterns into production code. Similarly, MicrosoftDocs repositories contain documentation that, while mostly static, often includes code snippets and configuration examples that could be altered to introduce subtle vulnerabilities.
The Rise of AI Coding Agents and the Security Blind Spot
The Miasma incident highlights a growing security blind spot in modern software development: AI coding agents. Tools like GitHub Copilot, Amazon CodeWhisperer, and various AI-powered editors are rapidly being adopted by development teams. These agents often require broad permissions—reading code, generating commits, and sometimes even merging pull requests automatically.
Miasma appears to have been one such tool, marketed as an all-in-one AI workspace that could "supercharge developer productivity by handling repetitive coding tasks, suggesting improvements, and integrating with CI/CD pipelines." Its compromise demonstrates that the very features that make AI assistants useful—deep integration with version control systems and broad access to codebases—also make them a potent attack vector.
Security researchers have long warned about the risks of overprivileged applications. When an AI coding tool is granted write access to repositories, a single vulnerability in that tool can be weaponized to push malicious code across an entire organization. The Miasma attack follows a familiar pattern: attackers compromise a trusted third-party service and use it to infiltrate high-value targets.
Supply Chain Security Lessons from SolarWinds to Miasma
The software industry has been grappling with supply chain attacks for years. The 2020 SolarWinds breach, in which attackers inserted malware into a network monitoring tool used by government agencies and Fortune 500 companies, cost billions of dollars and eroded trust in software updates. More recently, attacks on open-source libraries like Log4j and Codecov have shown that no organization is immune to dependency-based threats.
The Miasma incident is unique because it exploits the new frontier of AI-assisted development. Unlike traditional attacks that target build systems or package registries, this one targeted the developer's very workspace—the environment where code is written and committed. This blurs the line between endpoint security and application security, demanding a new approach to how we protect the software development lifecycle.
Organizations that have embraced AI coding tools must now ask hard questions: What permissions have we granted to these tools? Are their integration points properly secured? Can we detect a malicious commit generated by an AI agent? The answers could define the next era of DevSecOps.
Impact on Azure Functions and Serverless Workflows
For developers relying on Azure Functions and Durable Functions, the immediate impact is uncertainty. With the source repository disabled, no new contributions or bug fixes can be merged until the investigation is complete. Microsoft has assured customers that the Azure Functions runtime remains unaffected, and that the durabletask library is still available through official package managers. However, lingering doubts remain about whether any malicious code made it into published NuGet packages.
Microsoft has deployed internal teams to scan all recent builds and dependencies for signs of tampering. Meanwhile, GitHub's automated security tools are running extended checks on every repository that depended on the affected repos. The full audit is expected to take weeks.
The Microsoft and GitHub Investigation: What to Expect
Both GitHub and Microsoft have assembled dedicated incident response teams. While neither company has commented on attribution, speculation within the cybersecurity community points to either a sophisticated nation-state actor or a highly organized cybercriminal group. The use of Miasma—an AI workspace that ostensibly had legitimate purposes—suggests a carefully planned operation with significant reconnaissance.
In the coming days, we can expect a detailed post-mortem from GitHub's security team, likely outlining the technical vulnerabilities exploited, the timeline of the attack, and steps to prevent similar incidents. Microsoft will also confront difficult questions about its internal security practices and the vetting process for third-party tools integrated into its development workflow.
How Developers Can Protect Themselves
While official guidance is still forthcoming, there are immediate steps developers can take to safeguard their workflows against AI-borne threats:
- Audit third-party integrations: Review all OAuth tokens and repository permissions granted to AI coding tools. Revoke any that are overprivileged or unused.
- Enable branch protection rules: Use GitHub's branch protection features to require pull request reviews and status checks before code can be merged, even from automated systems.
- Monitor commit activity: Set up alerts for unusual commit patterns, such as commits from new contributors, changes to configuration files, or modifications outside normal working hours.
- Use code signing: Sign commits with verified GPG keys to validate their authenticity and ensure that automated commits are properly attributed.
- Stay informed: Follow official GitHub and Microsoft security channels for updates on the Miasma incident and any patches or mitigation measures.
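As an added illustration of the "Monitor commit activity" and "Use code signing" steps (not code from GitHub, Microsoft, or the original article), the following Python example flags commits from unknown authors, unverified signatures, off-hours timestamps, and changes to build or CI configuration. The record fields, path patterns, working-hours window, and sample commits are constructed assumptions; `verified` stands for whatever signature-verification result your hosting platform reports.

```python
from datetime import datetime
from fnmatch import fnmatchcase

# Assumed patterns for build/CI configuration paths; tune per repository.
CONFIG_GLOBS = [".github/workflows/*", "*.yml", "*.yaml", "nuget.config", "*.csproj"]
WORK_HOURS = range(8, 19)  # assumed window, judged in each timestamp's own UTC offset

def flag_commits(commits, known_authors):
    """Return {sha: [reasons]} for commits that match any review heuristic."""
    findings = {}
    for c in commits:
        reasons = []
        when = datetime.fromisoformat(c["when"])
        if c["author"] not in known_authors:
            reasons.append("new-contributor")
        if not c["verified"]:  # signature missing or not verified
            reasons.append("unsigned")
        if when.weekday() >= 5 or when.hour not in WORK_HOURS:
            reasons.append("off-hours")
        touched = [p for p in c["files"]
                   if any(fnmatchcase(p.lower(), g) for g in CONFIG_GLOBS)]
        if touched:
            reasons.append("config-change:" + ",".join(touched))
        if reasons:
            findings[c["sha"]] = reasons
    return findings

# Constructed sample records (not data from the incident).
KNOWN = {"alice"}
SAMPLE = [
    {"sha": "c1", "author": "alice", "when": "2026-06-01T10:15:00+00:00",
     "verified": True, "files": ["src/Orchestrator.cs"]},
    {"sha": "c2", "author": "alice", "when": "2026-06-02T14:00:00+00:00",
     "verified": True, "files": [".github/workflows/build.yml"]},
    {"sha": "c3", "author": "helper-bot", "when": "2026-06-03T02:40:00+00:00",
     "verified": False, "files": ["src/Worker.cs", "NuGet.config"]},
]

if __name__ == "__main__":
    for sha, reasons in flag_commits(SAMPLE, KNOWN).items():
        print(sha, "->", "; ".join(reasons))
```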
The Future of AI-Assisted Development Security
The Miasma breach is a wake-up call for the entire software industry. As AI becomes more deeply integrated into the development process, the attack surface expands. Security must evolve from protecting only the code repository to protecting the entire development environment—from the IDE and the AI assistant to the build server and the package registry.
Vendors of AI coding tools will need to adopt higher security standards, including rigorous penetration testing, minimal privilege designs, and transparent logging of all automated actions. Enterprises, for their part, must implement zero-trust architectures that assume any tool—no matter how reputable—could be compromised.
Regulatory bodies may also step in. With the growing influence of AI-generated code on critical infrastructure, governments could mandate security certifications for AI coding assistants, much as they do for industrial control systems.
Conclusion
GitHub's decision to disable 73 Microsoft repositories is a stark reminder that the tools we trust to increase productivity can also become the vectors for our most damaging breaches. The Miasma attack underscores the fragility of the modern software supply chain and the urgent need for security to keep pace with AI innovation. As the investigation unfolds, the developer community will be watching closely for answers—and for assurances that the code we write today is not silently compromised by the tools of tomorrow.