In recent months, major open-source AI projects such as Axios, LiteLLM, and Trivy have been compromised. (Image Source: Pixabay)GitHub has suffered a data breach where hackers broke into its internal systems and stole data from thousands of its data repositories, the Microsoft-owned developer platform disclosed on Wednesday, May 20.Initial reports state that the hackers were able to access over 3,800 of GitHub’s internal repositories, where it stores its own code. However, the code hosting and sharing giant said that it did not find any evidence that the hackers stole customer data, noting that the investigation is ongoing.“Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker’s current claims of ~3,800 repositories are directionally consistent with our investigation so far,” GitHub said in a series of posts on X.“We continue to analyze logs, validate secret rotation, and monitor for any follow-on activity. We will take additional action as the investigation warrants. We will publish a fuller report once the investigation is complete,” it added.1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub’s internal repositories.Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version,…— GitHub (@github) May 20, 2026The security incident comes at a time when hackers are increasingly targeting popular open source projects, including coding extensions, with the aim of compromising developers’ computers and their projects, as it allows them to gain access to many computers at the same time.In recent months, major open-source AI projects such as Axios, LiteLLM, and Trivy have been compromised and, in turn, affecting companies whose developers rely on them. Last month, Vercel, a platform that offers hosting and deployment infrastructure for front-end developers, confirmed a security incident in which hackers breached its systems and stole data.Based on its initial assessment, GitHub said that the hack was traced back to the compromise of an employee’s device involving a poisoned VS Code extension, a plug-in for Visual Studio Code, which is a popular code editor that developers use for programming. The exact name of the compromised extension is unclear.It is also unclear whether GitHub has received any communication from the hackers, such as a demand for ransom. A hacking group called TeamPCP has taken credit for the GitHub breach and is selling the data on a cybercrime forum, according to reports from news outlets such as The Record and Bleeping Computer.Story continues below this adIn April 2026, the European Union’s cybersecurity agency identified that a recent hack and data breach at the European Commission was the work of the same cybercriminal group known as TeamPCP.Also Read | Why AI still struggles to defend against cyberattacks even in the age of MythosThe hackers reportedly stole the Commission’s cloud key during an earlier breach at Trivy, a vulnerability scanning tool, by pushing info-stealing malware to Trivy’s downstream users.Third party companies working with AI giants such as OpenAI have also emerged as key targets. Recently, OpenAI disclosed that hackers broke into TanStack, a platform used by web developers, to push updates containing malware that let the hackers steal passwords and tokens from users.Earlier this year, OpenAI identified a security issue involving another third-party developer tool called Axios that was targeted as part of a broader software supply chain attack by actors believed to be linked to North Korea.