On March 31st, Axios was compromised. Four hundred million monthly downloads. The HTTP library sitting inside almost every web application your clients use, depend on, or have had custom-built for them.

The attacker did not touch a single line of code. They hijacked the maintainer's credentials, slipped in one hidden dependency, and let your clients' own systems install the malware automatically during a routine update. It stole every credential it could find, cleaned up after itself, and left no trace. Three hours. Gone before most people woke up.

That attack did not come out of nowhere. This is the fifth attack in twelve days between TeamPCP and UNC 1069 (North Korea).

We wanted one person on The CyberCall this week: someone who spent two decades at Foundstone, Mandiant, and FireEye investigating exactly how these attacks unfold. This person then built Cylerian to ensure MSPs have the tools to stop them before the 2 a.m. call comes in. This week's special guest is Vijay Akasapu, CEO of Cylerian.

Last week, a supply chain attack hit LiteLLM the open-source AI gateway that sits inside 36% of cloud environment and for about six hours, anyone who ran a routine install command handed over their SSH keys, cloud credentials, and API tokens to a threat group that had been quietly chaining compromises across the open-source ecosystem for months. The attack didn't announce itself. It passed every integrity check.

That is the world our guest operates in and it is exactly why her work matters right now. Ashleigh Vogstad is the CEO of Transcends, a go-to-market firm that works with MSPs, ISVs, and hyperscalers like Microsoft, and she is studying AI at Oxford while doing it. Today we are talking about how MSPs cut through a “sea of sameness”, build trust in the age of AI-driven search, and talk credibly about technology that is moving faster than most governance frameworks can keep up with.

Imagine this. A developer opens their laptop. Gets a routine VS Code update notification. Clicks install. Goes back to work.

What they don't know is that an AI triage bot the kind built to make their team more efficient just read a manipulated GitHub Issue title, followed hidden instructions, stole three publishing tokens, and silently installed a rogue AI agent on their machine. One that survives reboots. One that takes remote commands. One that they never heard of, never evaluated, and never consented to.

This wasn't a nation-state. This wasn't a zero-day. This was one sentence in a GitHub Issue title and it compromised 4,000 developer machines in 8 hours.

We are living in a moment where AI is installing AI and our security tools were not built for this.

Special guest: Liran Baron, CPO of SaaS Alerts.

Article: https://www.cremit.io/blog/ai-supply-chain-attack-clinejection