New Malware Campaign Tricks AI Scanners with Fake Nuclear Weapon Prompts — Malicious Code Triggers Safety Failsafes so Scanners Skip the Payload

The emergence of AI‑powered code scanners promised faster detection of malicious libraries, but the Hades campaign reveals a new adversarial vector. By inserting seemingly innocuous comments that issue dangerous instructions—such as building nuclear weapons—the attackers exploit the bots' built‑in safety mechanisms. When the AI model detects a prohibited request, it halts processing, leaving the rest of the file unchecked. This clever prompt‑injection bypass allows the true payload, often concealed in obfuscated sections or separate companion packages, to slip through undetected.

Beyond the technical sleight of hand, the campaign’s scale signals a shift in threat actors’ targeting strategy. Over 140 open‑source packages on PyPI, npm, and other registries have been compromised, including typo‑squatted names like "rsquests" that mimic popular libraries. The malware now activates only at runtime, leveraging Python's import system and precompiled binaries to avoid detection during installation. By harvesting a wide array of credentials—AWS temporary tokens, Kubernetes service‑account keys, SSH private keys, Docker configs, and even AI developer‑tool settings—the attackers aim for a broader foothold in high‑value AI research environments.

For enterprises and research teams, the takeaway is clear: AI‑based scanning should complement, not replace, traditional security controls. Static analysis, signature‑based detection, and sandbox execution remain essential to catch payloads hidden behind adversarial prompts. Moreover, rigorous package verification—checking author provenance, using reproducible builds, and employing dependency‑pinning—can mitigate the risk of typo‑squatting attacks. As AI integration deepens across the software supply chain, a layered defense that blends modern and classic techniques will be crucial to safeguard critical scientific and machine‑learning workloads.