Microsoft just had 73 GitHub repositories — including the Azure Functions Action — disabled after a supply chain attack that didn't target developers directly. It targeted their AI coding agents.
The Miasma worm represents a new class of threat. Understanding how it propagated, and why existing defenses missed it, matters for anyone running agentic CI/CD workflows today.
What Happened
The Miasma worm executed a supply chain attack specifically targeting AI coding agents operating inside CI/CD environments. Microsoft's Azure Functions Action and 72 other repositories were disabled as a result. The attack propagated malicious code across repositories by exploiting agentic AI workflows — the automated pipelines where AI coding assistants read code, call tools, make commits, and trigger further actions.
This wasn't a misconfigured secret or a phishing link. The AI agents themselves were the attack surface.