Incident · curated 27 Jun 2026
First reported 9 Jun 2026 · 17d ago
Single-source incident — first reported, latest, and curated coincide.
Defenders relying on LLM-based code analysis must recognize that malware can now actively deceive AI security agents via prompt injection, undermining automated detection in software supply chains.
StepSecurity researchers uncovered the Hades Campaign, a sophisticated supply-chain compromise targeting Python developer environments via infected packages (including ensmallen). The self-propagating worm extracts sensitive data, moves laterally, and notably uses adversarial prompt injection to trick LLM-based code analysis/AI gatekeeper systems into overlooking its malicious payloads. It is described as the latest evolution of the Miasma threat actor.
Why it matters
Defenders relying on LLM-based code analysis must recognize that malware can now actively deceive AI security agents via prompt injection, undermining automated detection in software supply chains.