
Malicious npm Package Stole Files From Claude AI User Directory via GitHub

May 27, 2026

What happened

Security researchers at OX Security have uncovered a malicious package on the npm registry called “mouse5212-super-formatter.” The package contains code that silently uploads files from the “/mnt/user-data” directory, a path specific to Anthropic’s Claude AI platform where user uploads and the files Claude produces are staged in the background. The malware exfiltrates these files through GitHub, exposing potentially sensitive data belonging to Claude AI users.

The risk

This incident exposes a novel attack vector targeting AI users and their data environments. By publishing to npm, a widely used package registry, attackers can embed information-stealing code in packages that developers may unwittingly install. Because the targeted directory belongs to an AI workload, the stakes are higher for enterprises and developers that rely on Claude AI for confidential or proprietary processing. The exfiltration leaves no obvious sign to the user, which undermines trust in the operational security of AI tools.

Why it matters

The discovery pressures operators to rethink how third-party code dependencies are vetted in AI workflows. Silent data exfiltration embedded in a package from a widely used registry amplifies the risk of supply chain attacks on AI development. Builders and security teams must raise their scrutiny of npm packages, especially those installed in environments that handle sensitive AI inputs and outputs. For businesses, a compromise of this kind can lead to data leaks and operational disruption, raising the cost of incident response and compliance.

Who should pay attention

Developers integrating off-the-shelf npm libraries need to audit their dependencies more rigorously, including what a package does when it is installed and loaded, not only what its exported functions do. Security teams managing AI deployments must understand how this malware specifically targets the user data directory in Anthropic’s Claude AI. Enterprises relying on Claude or similar AI platforms should evaluate their data access controls and monitor for suspicious outbound connections, bearing in mind that exfiltration through GitHub blends into traffic that many development hosts legitimately generate. Investors and buyers in AI tooling should factor these emerging supply chain threats into their assessment of platform security.

What to watch next

Watch for updates from npm and Anthropic on mitigation steps, package takedowns, and improved security controls. Expect heightened focus on supply chain security tailored to AI development ecosystems. Security vendors may release tools to detect malicious code that targets AI workloads specifically. The incident could accelerate adoption of stricter package vetting policies and runtime protections for AI environments that handle sensitive input and output data.

AI Quick Briefs Editorial Desk
