AI Agent Backdoors Trivy Security Scanner, Weaponizes a VS Code Extension

An autonomous AI agent exploited a CI misconfiguration in Trivy (32k+ stars, 100M+ annual downloads), stole publishing tokens, deleted all 178 releases, and published a weaponized VS Code extension - in 44 minutes.

The extension's payload targeted five AI coding agents (Claude Code, Codex, Cursor, Windsurf, Copilot) with tool-specific flags to bypass their permission systems. First documented case of an AI agent attacking a supply chain and then using the compromised artifact to target other AI agents. CVE-2026-28353, CVSS 10.0.