Novee Security just disclosed Cordyceps.
A systemic class of CI/CD vulnerabilities hiding in GitHub Actions workflows.
They scanned 30,000 repositories. 654 flagged. 300+ confirmed fully exploitable.
The targets are not random.
Microsoft Azure Sentinel. Google's AI Agent Development Kit. Apache Doris. Cloudflare Workers SDK. Python Black.
At Microsoft, a single anonymous PR comment executed attacker code on Microsoft's CI infrastructure.
It stole a non-expiring GitHub App key.
That key grants persistent write access to security detection content deployed directly into customer Sentinel workspaces.
Your SIEM just became the attack vector.
At Google, one malicious pull request gained owner-level access to the associated Google Cloud project.
The highest possible GCP privilege. From a free GitHub account.
The exploit pattern is not complicated. It is structural.
Permissive CI/CD workflows execute untrusted PR code with elevated privileges. Attackers inject commands through comments, branch names, or seemingly legitimate code changes.
The worst part: AI coding agents are now generating CI/CD configurations at scale.
They reproduce the same insecure patterns across millions of repositories.
Your development team's AI copilot is building the backdoor for them.
Audit every GitHub Actions workflow in your organization today.
Enforce least privilege for CI tokens. Require maintainer approval before external PRs execute.
Treat your CI/CD YAML with the same rigor as your application code. It is now the primary attack surface.
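A starting point for the audit recommended above, as an added example that is not from Novee's research or this post: a small static check that flags three permissive-workflow patterns in a workflow file. The trigger names and expression contexts it matches are this example's assumptions, drawn from GitHub Actions' documented behaviour, and the sample workflow is constructed.

```python
import re

# Heuristic rules (assumptions of this example, not Novee's scanner).
# Triggers that run with the base repository's secrets and token even when
# an outside user starts them:
PRIVILEGED = re.compile(r"\b(pull_request_target|issue_comment|workflow_run)\b")
# Checkout of the pull request's own head, i.e. code the submitter controls:
PR_HEAD = re.compile(r"ref:.*(github\.event\.pull_request\.head\.|refs/pull/)")
# Submitter-controlled text that ${{ }} pastes into a script before it runs:
TAINTED = re.compile(r"\$\{\{[^}]*github\.(head_ref|event\.(comment\.body|"
                     r"issue\.(title|body)|pull_request\.(title|body|head\.ref)))")

def audit(text):
    """Return (line_no, rule) findings for one workflow file's text."""
    found, run_col = [], None          # run_col: column of the active run: key
    privileged = bool(PRIVILEGED.search(text))
    if not re.search(r"^\s*permissions:", text, re.M):
        found.append((0, "default-token-permissions"))
    for no, line in enumerate(text.splitlines(), 1):
        body = line.lstrip()
        col = len(line) - len(body)
        if run_col is not None and body and col <= run_col:
            run_col = None             # dedent: the run: script has ended
        key = re.match(r"(-\s+)?run:", body)
        if key:
            run_col = col + len(key.group(1) or "")
        if run_col is not None and TAINTED.search(line):
            found.append((no, "untrusted-input-in-run"))
        if privileged and PR_HEAD.search(line):
            found.append((no, "privileged-trigger-checks-out-pr-head"))
    return found

# Constructed sample workflow, written for this example.
SAMPLE = """\
on:
  issue_comment:
    types: [created]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: refs/pull/${{ github.event.issue.number }}/head
      - run: echo "${{ github.event.comment.body }}"
      - env:
          TITLE: ${{ github.event.issue.title }}
        run: echo "$TITLE"
"""

if __name__ == "__main__":
    for no, rule in audit(SAMPLE):
        print(f"line {no}: {rule}")
```

The last step in the sample is not flagged: passing the value through `env:` and quoting the shell variable keeps it as data. Findings are leads for manual review, since a line-based check cannot see job-level conditions or approval gates.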
SOURCE: https://novee.security/blog/cordyceps/
VERIFIED: Novee Security research disclosure (June 23, 2026), Dark Reading coverage (June 23, 2026), Hackread independent verification (June 23, 2026)
SIGNAL: Microsoft and Google confirmed impact. 300+ repositories validated as fully exploitable. AI coding agents are amplifying the vulnerability by generating insecure CI/CD patterns at scale. This is the supply chain attack vector your CISO is not monitoring.
One anonymous GitHub comment just hijacked Microsoft's SIEM and Google's AI agent kit. 300+ enterprise repos are wide open.
AI-Assisted Content — Produced with AI assistance and human editorial review.