OpenAI Codex Package Caught Stealing Developer Credentials
By 813 Staff
Tech industry sources confirm OpenAI Codex Package Caught Stealing Developer Credentials, according to The Hacker News (@TheHackersNews) (on June 1, 2026).
Source: https://x.com/TheHackersNews/status/2061383385927586022
Is the software supply chain too fragile to trust anymore? That’s the question ricocheting through developer Slack channels and security war rooms this morning after a sophisticated supply-chain attack targeting OpenAI Codex users came to light. According to a report from The Hacker News (@TheHackersNews), published on June 1, 2026, a malicious npm package disguised as a legitimate Codex integration has been actively harvesting developer credentials and API keys.
Internal documents obtained by security researchers show the package mimicked the official `openai-codex` library with near-perfect accuracy, including identical README documentation and GitHub repository references. Engineers close to the project say the attackers went further, registering a lookalike npm account and publishing updates that passed cursory security scans. The malware triggered during the `postinstall` hook, exfiltrating environment variables, `.env` files, and stored session tokens to a remote server under the attackers’ control.
The rollout has been anything but smooth for the security community. Initial detection came from a developer who noticed anomalous outbound traffic shortly after installing the package. Since then, automated scanning tools have flagged hundreds of downstream dependencies that pulled in the malicious code. What remains unclear is the full scope of the compromise. Researchers are still tracing which private repositories and CI/CD pipelines may have been exposed. The npm registry has since removed the package, but not before it accumulated thousands of downloads over a six-day window.
This incident strikes at a particularly sensitive nerve for the AI coding community. OpenAI Codex, widely used for generating production code, is integrated into countless developer workflows. A poisoned dependency means attackers could have gained access not just to credentials but to proprietary codebases and model API tokens. The attack also underscores a growing pattern: adversaries are increasingly targeting AI tooling ecosystems because they offer high-value access with relatively low scrutiny.
For now, the advice from security teams is blunt: revoke any API keys used in environments where the package was installed, audit recent commits for unauthorized changes, and treat any systems that interacted with the code as potentially compromised. As one engineer put it, this is not just a stolen token—it’s a warning shot across the bow of the entire AI supply chain.
Source: https://x.com/TheHackersNews/status/2061383385927586022
