Hades malware tricks AI security scanners with fake nuclear weapon prompts to hide payloads
A sophisticated supply chain attack called Hades targets Python developers by deceiving AI-powered security tools with adversarial prompt injection. The malware embeds fake instructions about creating biological and nuclear weapons in code comments, triggering safety failsafes that cause scanners to skip the actual malicious payload. Security researchers have identified 37 Python and 106 JavaScript packages compromised in this campaign, which steals credentials from AWS, GitHub, Kubernetes, and AI developer tools.