TeamPCP hackers have been on a rampage this month, their biggest scalp being a massively-popular AI tool that connects to ChatGPT and Anthropic LLMs.gettyOn Tuesday, the FBI’s Cyber Division issued a critical alert that a hacker crew had breached two hugely-popular developer tools, creating a security disaster for millions of AI creators. Now the crew, known as TeamPCP, tells Forbes over encrypted chat that it used AI to turbocharge the attacks. It’s an early example of how tools that are supposed to secure AI software are themselves vulnerable to hackers who’re speeding up and enhancing their attacks with AI.“It’s a nightmare scenario for the cyber community, not just in the case of open source, but the rise of AI agents has made one of the most expensive parts of offensive cyber much cheaper than it used to be,” says Ben Hirschberg, CTO and cofounder at Israeli cybersecurity company Armo.TeamPCP’s first major target was Trivy, a popular open source security scanner used by as many as 10,000 companies to look for weaknesses in their software before it’s released. TeamPCP used an AI agent to trick the security tool into handing over a key to its GitHub account. Then the hackers used that access to release malicious versions of Trivy.“This attack wasn’t highly sophisticated at all but it was initially effective.”
These Hackers Launched A ‘Nightmare’ Attack On AI Developers
TeamPCP hackers say AI helped them launch a devastating spree of attacks. But they wouldn’t have succeeded if developers’ security hadn’t been so weak in the first place.
918 words~4 min read
