Security Alert | NX Compromised to Steal Wallets and Credentials | Semgrep
Another day, another supply chain compromise…
What’s interesting about this incident, aside from how popular Nx is, is the use of AI.
First, the code that allowed Nx to be compromised was generated by Claude Code and reviewed by an AI bot. You can see from the PR that introduced the vulnerability that it was meant to enforce that PR titles follow a convention, but it simply takes arbitrary text from a PR on the public internet and passes it into bash without any sanitization, so there is a good chance the change was never actually reviewed by a person. Second, the malware that was later run on developers’ machines tries to use tools like Claude Code to help it find secrets.
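As an added illustration (not code from this post or from the Nx repository), here is a small Python check that flags GitHub Actions `run:` steps which expand contributor-controlled expressions such as the PR title straight into the shell script, together with the hardened pattern that hands the value to the shell as data through `env`. The two workflow snippets, the `find_run_injections` function and the list of untrusted contexts are constructed for this example and are not the actual Nx workflow.

```python
import re

# Contexts whose text is chosen by whoever opened the PR/issue (constructed, non-exhaustive).
UNTRUSTED_CONTEXTS = ("github.event.pull_request.title", "github.event.pull_request.body",
                      "github.event.pull_request.head.ref", "github.event.issue.title",
                      "github.event.issue.body", "github.event.comment.body", "github.head_ref")
EXPR_RE = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")          # ${{ expression }}
RUN_RE = re.compile(r"^\s*(?:-\s+)?run:\s*(.*)$")       # a step's run: key
BLOCK_RE = re.compile(r"^[|>][-+]?\d*\s*$")             # YAML block-scalar indicator

def _untrusted_exprs(text):
    return [e for e in EXPR_RE.findall(text) if any(c in e for c in UNTRUSTED_CONTEXTS)]

def find_run_injections(workflow_text):
    """Return (line_no, expression) for each untrusted expression GitHub would splice into a run: script."""
    findings, block_indent = [], None
    for line_no, line in enumerate(workflow_text.splitlines(), 1):
        if block_indent is not None:  # inside a multi-line `run: |` block
            if not line.strip() or len(line) - len(line.lstrip()) > block_indent:
                findings += [(line_no, e) for e in _untrusted_exprs(line)]
                continue
            block_indent = None  # dedented, so the script ended
        m = RUN_RE.match(line)
        if m and BLOCK_RE.match(m.group(1)):
            block_indent = line.index("run:")
        elif m:  # single-line run: value
            findings += [(line_no, e) for e in _untrusted_exprs(m.group(1))]
    return findings

# Constructed, hypothetical workflows (not the Nx workflow): WEAK splices the title into the script, SAFE passes it via env.
WEAK_WORKFLOW = """\
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo "Checking: ${{ github.event.pull_request.title }}"
          echo "${{ github.event.pull_request.title }}" | grep -Eq '^(feat|fix|docs):'
"""
SAFE_WORKFLOW = """\
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "Checking: $PR_TITLE"
          echo "$PR_TITLE" | grep -Eq '^(feat|fix|docs):'
"""
```

GitHub evaluates `${{ }}` expressions before the script reaches bash, so in the weak form the title becomes part of the program text, while in the safe form it only ever exists as the value of `$PR_TITLE`. Running `find_run_injections` over the two strings flags lines 6 and 7 of the weak workflow and nothing in the safe one.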
...