# How Koi Protects Against Developer Supply Chains

By [Yuval Ronen](https://www.paloaltonetworks.com/blog/author/yuval-ronen/?ts=markdown "Posts by Yuval Ronen") and [Emran Mazumder](https://www.paloaltonetworks.com/blog/author/emran-mazumder/?ts=markdown "Posts by Emran Mazumder")

May 22, 2026 | 5 minutes

The cybersecurity world is currently reeling from a massive supply chain attack. In May 2026, the threat actor TeamPCP compromised the account of a GitHub employee, leading to the exfiltration of approximately 3,800 internal repositories' data, now being hawked on hacker forums for $95,000 [1]. The most important takeaway, however, is not the breach itself but the methodology behind it. This incident shows that attackers are aggressively weaponizing the developer supply chain, and other software artifact marketplaces are undoubtedly already in their crosshairs.

The attack was executed through a highly sophisticated, poisoned VS Code extension (Nx Console v18.95.0) [2]. It highlights a glaring gap in modern enterprise security: the rapid integration of AI models and autonomous agents has created a massive, highly privileged attack surface that traditional defenses are not equipped to monitor.

The following sections cover how the attackers bypassed traditional defenses, the blast radius of the incident, and how Koi's Agentic Endpoint Security architecture is designed to stop attacks exactly like this.
### **The Problem: Weaponizing the Developer Supply Chain**

Rather than brute-forcing a network perimeter, the attackers targeted the software supply chain itself: they hijacked a developer's repository access and pushed a malicious update (v18.95.0) to both the Visual Studio Marketplace and OpenVSX. Once a developer opened a workspace, the extension quietly executed a masterpiece of "Living off the Land" stealth:

* **Trusted Infrastructure Abuse:** Instead of calling out to a shady, newly registered domain, the malware ran an *npx* command that fetched a second-stage payload directly from the official, legitimate *nrwl/nx* GitHub repository.
* **Invisible Payloads:** The payload was hidden in an "orphan commit" accessible only by its SHA (Secure Hash Algorithm) commit hash, so it was unreachable from any public branch and completely invisible to standard repository scanners.
* **Total Credential Harvesting:** The payload deployed six parallel collectors targeting Vault tokens, AWS metadata, GitHub tokens, 1Password CLI sessions, SSH keys, Kubernetes credentials, and *.env* files.

**The Impact:** While the malicious extension was live for only ~18 to 36 minutes, official download numbers (28 on VS Marketplace, 41 on OpenVSX) masked the true damage. Internal analytics revealed ~6,000 extension activations. The credentials stolen from just one of those activations were enough to compromise a major enterprise environment and exfiltrate thousands of internal repositories.

### **Why Traditional Security Failed**

Security leaders invest heavily in protecting user devices, yet frequently find themselves forced to bypass those exact systems for their engineering teams. The root cause is operational friction: conventional security solutions are fundamentally incompatible with standard coding workflows.
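Seen from the defender's side, the first two bullets above leave one distinctive signal in process telemetry: the IDE's extension host launching *npx* against a git source pinned to a bare commit hash instead of a tag, branch or registry version. The Python below is an added example, not code from this post, from Koi or from Palo Alto Networks; it classifies constructed process-creation events by that pattern. The parent-process names, sample command lines, repository names and commit ids are all assumptions or placeholders, and real EDR field names will differ.

```python
import re

# Parent process names assumed to identify the IDE's extension host
# (assumption: names vary by platform and EDR; adjust to your telemetry).
IDE_PARENTS = {"Code.exe", "Code Helper (Plugin)", "code"}

# npx or "npm exec" anywhere in the command line.
NPX_RE = re.compile(r"\b(?:npx|npm\s+exec)\b")

# A git-style package source pinned to a bare 40-hex commit id. Such a commit can be
# fetched even when no branch or tag references it, which is why a branch-based
# review of the repository never sees it.
SHA_PIN_RE = re.compile(
    r"(?:github:|git\+https?://|https?://github\.com/)\S*?#([0-9a-f]{40})\b")

# Constructed process-creation events (parent, image, command line); placeholder
# repository names and commit ids, not telemetry from the incident.
SAMPLE_EVENTS = [
    ("Code Helper (Plugin)", "node",
     "npx --yes github:example-org/example-repo#0123456789abcdef0123456789abcdef01234567"),
    ("Code Helper (Plugin)", "node", "npx -y nx@21.1.2 graph"),
    ("bash", "node", "npx create-react-app my-app"),
    ("bash", "node",
     "npm exec -- git+https://github.com/example-org/tool.git#89abcdef89abcdef89abcdef89abcdef89abcdef"),
    ("Code.exe", "node.exe", "npx github:example-org/example-repo#v1.2.3"),
]


def classify(parent, image, cmdline):
    """Return (severity, reason) for one event, or None if it is not of interest."""
    if not NPX_RE.search(cmdline):
        return None
    from_ide = parent in IDE_PARENTS
    pin = SHA_PIN_RE.search(cmdline)
    if from_ide and pin:
        return ("high",
                f"IDE extension host ran npx on a git source pinned to commit {pin.group(1)[:12]}")
    if pin:
        return ("medium", f"npx fetched a git source pinned to commit {pin.group(1)[:12]}")
    if from_ide:
        return ("low", "IDE extension host ran npx; confirm the package spec is expected")
    return None


def scan_events(events):
    """Run classify over a batch of events and keep only the hits, in input order."""
    findings = []
    for parent, image, cmdline in events:
        verdict = classify(parent, image, cmdline)
        if verdict is not None:
            severity, reason = verdict
            findings.append({"parent": parent, "image": image, "severity": severity,
                             "reason": reason, "cmdline": cmdline})
    return findings


if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['parent']} -> {f['image']}: {f['reason']}")
```

The severity split is deliberate: a developer running *npx* from a terminal is routine, and an extension host running *npx* against a versioned registry package is common enough to only warrant a low-priority review, but an extension host pulling a git source by raw commit id is rare in legitimate workflows and is the combination worth alerting on.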
Network protections often sever necessary local testing connections, vulnerability scanners trigger endless false alarms on safe application dependencies, and strict device management policies stall productivity by bottlenecking tool approvals. To keep shipping product updates, organizations routinely grant sweeping security waivers to their technical staff during onboarding. Threat actors are fully aware of this dynamic and are aggressively targeting these unprotected workstations through open-source packages and plugins.

### **The Solution: How Koi Prevents the Unpreventable**

Addressing this gap requires a completely different operational model. Koi provides a unified management platform tailored specifically for technical teams, centralizing protections that would otherwise require managing multiple disconnected tools. If the compromised Nx Console update had encountered an environment protected by Koi, several specific mechanisms would have helped neutralize it:

* **Frictionless Visibility:** Instead of forcing the installation of intrusive tracking software that slows down development, Koi leverages the endpoint agents you already have in place. This provides comprehensive oversight of technical workflows while remaining, by design, completely invisible to the end user.

![Image 1: Koi Dashboard](https://www.paloaltonetworks.com/blog/wp-content/uploads/2026/05/word-image-359351-1.png)

Image 1: Koi Dashboard

* **Proactive Extension Monitoring:** Koi includes built-in capabilities to natively track and evaluate the safety of integrated development environment (IDE) extensions. It continuously analyzes marketplace plugins for hidden risks, helping shut down malicious logic before credentials can be harvested.
![Image 2: Koi Extension Inventory Status](https://www.paloaltonetworks.com/blog/wp-content/uploads/2026/05/word-image-359351-2.png)

Image 2: Koi Extension Inventory Status

* **Verified Update Rollouts:** While standard IT security advice emphasizes immediate patching, automatically updating developer tools introduces severe risks. Koi allows security teams to enforce automated waiting periods for new software versions. By deliberately pausing the adoption of fresh updates, organizations give the broader community time to identify and remove malicious packages before those packages can execute locally.

![Image 3: Koi Guardrails for version update cooldown, encompassing both images](https://www.paloaltonetworks.com/blog/wp-content/uploads/2026/05/word-image-359351-3.png)

Image 3: Koi Guardrails for version update cooldown, encompassing both images

![Image 4: Koi Guardrails for version update cooldown](https://www.paloaltonetworks.com/blog/wp-content/uploads/2026/05/word-image-359351-4.png)

Image 4: Koi Guardrails for version update cooldown

### **Secure the Blind Spot**

This breach from the May 2026 TeamPCP attack is a reminder that open-source and extension ecosystems have made it easier than ever to trick developers into running malicious code. While traditional Endpoint Detection and Response (EDR) remains a critical piece of your overall protection, it was never designed to secure modern agentic endpoints. As a result, standard EDR is fundamentally blind to this specific type of supply chain attack. The world has changed, and relying solely on legacy EDRs and VPN exemptions is no longer a viable strategy for your most privileged environments. To close this gap and help prevent these types of attacks from compromising your organization, you must adopt Agentic Endpoint Security (AES) to more seamlessly protect this rapidly expanding attack surface.
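The update cooldown guardrail described under Verified Update Rollouts above reduces to a small policy decision per extension: is the newest version old enough to adopt, has it been withdrawn, and is the endpoint already running something that slipped in before the cooldown elapsed? The Python below is an added example of that policy and is not Koi's code or the post's; the inventory, version numbers, timestamps, withdrawn list and evaluation time are constructed placeholders. Beyond the plain hold-or-allow case it also handles the two edge cases a practitioner hits first: a version that was withdrawn after release and a version that was auto-installed before the guardrail existed.

```python
from datetime import datetime, timedelta, timezone

# Constructed extension inventory (placeholder ids, versions and timestamps;
# not Koi data and not real marketplace records).
INVENTORY = [
    {"id": "publisher-a.tool-a", "installed": "18.94.0", "latest": "18.95.0",
     "latest_published": "2026-05-18T14:02:00Z"},
    {"id": "publisher-b.tool-b", "installed": "2.3.0", "latest": "2.3.0",
     "latest_published": "2026-05-19T09:30:00Z"},
    {"id": "publisher-c.tool-c", "installed": "1.0.0", "latest": "1.1.0",
     "latest_published": "2026-04-01T00:00:00Z"},
    {"id": "publisher-d.tool-d", "installed": "5.0.0", "latest": "5.0.1",
     "latest_published": "2026-05-19T11:00:00Z"},
    {"id": "publisher-e.tool-e", "installed": "3.2.0", "latest": "3.2.0",
     "latest_published": "2026-03-01T00:00:00Z"},
]

# (extension id, version) pairs the marketplace or the security team has
# withdrawn (constructed).
WITHDRAWN = frozenset({("publisher-d.tool-d", "5.0.1")})

# Constructed evaluation time, fixed so the decisions below are reproducible.
POLICY_NOW = datetime(2026, 5, 20, tzinfo=timezone.utc)


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp with a trailing 'Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def evaluate(ext, now, cooldown, withdrawn=WITHDRAWN):
    """Return (decision, reason) for one extension under the cooldown policy."""
    latest, installed = ext["latest"], ext["installed"]
    already_on_latest = installed == latest
    if (ext["id"], latest) in withdrawn:
        # A withdrawn version is never adopted; if it is already running, remove it.
        return ("remove" if already_on_latest else "block",
                f"version {latest} has been withdrawn")
    age = now - parse_ts(ext["latest_published"])
    if age < cooldown:
        if already_on_latest:
            # Adopted before the cooldown elapsed (for example, auto-update ran before
            # the guardrail existed): surface it for review rather than trust it.
            return ("review", f"installed {latest} only {age.days}d after publication")
        remaining = cooldown - age
        return ("hold", f"{latest} published {age.days}d ago; {remaining.days}d of cooldown left")
    return ("ok" if already_on_latest else "allow",
            f"{latest} has been public for {age.days}d, cooldown satisfied")


def apply_policy(inventory, now, cooldown_days=7, withdrawn=WITHDRAWN):
    """Map extension id -> decision for the whole inventory."""
    cooldown = timedelta(days=cooldown_days)
    return {ext["id"]: evaluate(ext, now, cooldown, withdrawn)[0] for ext in inventory}


if __name__ == "__main__":
    for ext in INVENTORY:
        decision, reason = evaluate(ext, POLICY_NOW, timedelta(days=7))
        print(f"{ext['id']:<20} {decision:<7} {reason}")
```

The "review" outcome is the one that matters for an incident like the one above: a cooldown policy introduced after the fact does not undo an update that already ran, so any endpoint found on a version younger than the cooldown window should be listed for investigation rather than silently treated as compliant.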
Security shouldn't be a roadblock for your engineering team; it should be the guardrail that keeps them moving fast.

### **Ready to Close the Gap?**

To see how Agentic Endpoint Security (AES) can secure your developer supply chain and stop next-generation attacks, request your tailored Cortex demo today.

[REQUEST A CORTEX DEMO](https://www.paloaltonetworks.com/cortex/request-demo?ts=markdown)

**References**:

1: [https://www.bleepingcomputer.com/news/security/github-confirms-breach-of-3-800-repos-via-malicious-vscode-extension/](https://www.bleepingcomputer.com/news/security/github-confirms-breach-of-3-800-repos-via-malicious-vscode-extension/)

2: [https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w](https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w)