PANews reported on May 20th that GitHub released an update on its investigation into unauthorized access to its internal repositories: GitHub detected and contained an incident yesterday in which an employee's device was compromised, involving a malicious VS Code extension. GitHub removed the malicious extension, isolated the affected endpoints, and immediately initiated an incident response. Current assessments indicate that data was leaked only from internal GitHub repositories, and the attacker's claim of approximately 3,800 repositories largely matches the investigation findings. GitHub has prioritized rotating critical credentials and is currently analyzing logs, verifying the credential rotation, and monitoring subsequent activity. A full report will be released upon completion of the investigation.
Furthermore, 23pds, Chief Information Security Officer of SlowMist, commented on the incident, stating: "Through analysis of leaks from cybercrime forums, hackers may have used Anthropic's Mythos security AI to precisely breach GitHub's defenses and steal approximately 4,000 core internal repositories. These repositories contained Copilot's source code, CodeQL algorithms, Actions runtime data, and information about the entire billing system. Further analysis of this code could lead to further attacks, potentially having a profound security impact on the integration of the open-source community."




