A software update to some Amazon delivery vehicles is automatically turning off the air conditioning after a few seconds if the driver is not in their seat, according to multiple Amazon delivery drivers who are complaining about the update online.
According to Amazon delivery drivers, the new update is for the Amazon EDV (electric delivery vehicle), the custom-built Rivian van. Delivery drivers say that this update automatically turns off the air conditioning in the van if the driver is not in the vehicle for more than 30 seconds. Drivers are complaining about the update as the start of the summer season, which can be particularly difficult and dangerous for delivery drivers.
“As many of you are aware, the EDVs just got a software update where if you are out of your seat for 30 seconds with the side door open, the AC switches off,” one Amazon delivery driver said in an online forum for drivers. “We all hate this obviously.”
When reached for comment an Amazon spokesperson said that the premise of my questions to the company was inaccurate, but conceded that the van will turn off the AC after 30 seconds under certain conditions that are commonplace during Amazon delivery shifts.
“Rivian recently released a software update for Electric Delivery Vehicles that actually extends climate control for drivers,” the Amazon spokesperson said. “As a result, the AC now runs for up to 10 minutes after a driver exits the vehicle, ensuring a cool cabin when they return. The timer resets at every stop. The AC only shuts off if the driver sliding door is left open for more than 30 seconds — a battery conservation measure.”
Amazon delivery drivers discussing the update online say that they are getting in and out of the van so frequently, and are spending most of their time out of the van delivering packages, that the update makes it harder to keep the van cool.
“Thing is we are up and about waaaay longer than we are driving so the ac turns off and when it turns on again we are already getting up before im the air is even cold,” one driver said. “It effectively made the ac not work and those vans get hot as fuuuck.”
"Every Amazon-branded vehicle is air-conditioned—a feature that exceeds the industry standard—and if the air-conditioning isn’t working in a vehicle, that vehicle is taken out of service immediately," the Amazon spokesperson said. "They also have cooling seats for drivers. This update was intentionally timed ahead of summer to improve driver comfort during the hottest months of the year. Driver safety and comfort in extreme temperatures remains a priority. If drivers have questions about this change, they should touch base with the DSP they work for - as details about this change were shared with them."
Older delivery trucks may not have air conditioning or have air conditioning that breaks often. Delivery drivers for UPS, who are represented by the Teamsters union, negotiated a heat safety agreement with the company in 2023. Amazon has publicly outlined its strategy for keeping all its workers, including delivery drivers, safe during the heat, including using an app to ask drivers to take 10-minute break from the heat by resting in a cool place and drinking water, but Amazon delivery drivers are managed by a nationwide network of subcontractors who drivers say don’t always maintain those standards.
As you’ve probably seen in your own neighborhood, delivery drivers will often park their vans wherever they can and deliver packages to multiple addresses on the same block. Amazon automatically turning off the air conditioning while they are out of the van delivering packages means the van can get hot again by the time they get back. As Amazon delivery drivers have to make frequent stops, it’s not hard to imagine why drivers would complain about Amazon automatically shutting down the AC, which makes it more difficult to cool down between stops.
Depending on which chatbot you ask, Elias Thorne might be a clockmaker, a lighthouse keeper, or a librarian. But if you ask ChatGPT or any of the other popular large language models to tell you a story, there’s a good chance he’ll appear, unbidden. And Elias’s stories are flooding the self-published AI generated book market, Youtube, and fake news sites.
Software engineer Daniel May first noticed the Elias takeover earlier this year; he found that on Google Trends, people weren’t searching for “Elias Thorne” until late 2025. Searches for the name really spiked in early 2026, while the related query “lighthouse keeper” also started trending upward in the last few years. He tested a few chatbots, including Grok, Deepseek, and Gemini, with the prompt “tell me a story,” and the chatbots frequently started with similar stories about lighthouses, clockmakers, or explorers.
In late May, researchers Sil Hamilton and David Mimno at Cornell University’s Department of Information Science published their paper, “Elias in the Lighthouse, Again?” on the preprint repository arXiv. They sampled 20,000 total stories from OpenAI’s ChatGPT, Anthropic’s Claude, and Google’s Gemini, and the Allen Institute for AI's chatbot using five prompts, and found that the same 11 words—names like Elias, Mara, and Elara, and occupations like lighthouse keeper, clockmaker, and librarian—appear in more than 88% of generated stories, with little difference between models. Unite.ai covered the study shortly after it was published.
The researchers posit in their paper that these themes show up so often in part because of the models’ safety and alignment tuning. “Model development today is like a big family tree. Most models are related to each other because developers synthesize a lot of training data with models even from different companies,” Hamilton told me in an email. He, Mimno, and their colleague Rebecca M. M. Hicke found this in a 2025 paper where they looked at specific words used across models. OpenAI’s first ChatGPT model, GPT-3.5, is the root of the family tree because it was used to make WildChat, a training set that’s since been used to make other training sets. “WildChat contains 1 million real conversations with ChatGPT, and 166 of these contain the name ‘Elias’ like here andhere,” Hamilton added. “These are written in that familiar ‘lighthouse’ style. Models trained on WildChat copied this style, and developers unwittingly replicated it when using those models to generate newer datasets. It's like a virus.”
0:00
/2:36
Elias has since escaped chatbot containment. May noticed Elias Thorne popping up on Amazon as an author of alt-medicine cancer handbooks, a 2026 YouTube-algorithm guide, a book on Greek mythology, and a psychological thriller novella. “No human writes all of those,” May wrote in his blog post. “The first one sits in territory where bad advice causes real harm. The mode-collapsed name from the chat window is now a byline appearing across genres.”
When I searched Elias Thorne on Amazon, I found Elias as the protagonist in fantasy books and producing music, too: he’s “a brilliant but cynical archaeologist with a knack for unearthing what powerful institutions want to keep hidden” in one fantasy series, or a musical artist making ambient listening albums of birds and nature sounds. Fittingly, one Elias Thorne with an AI-generated author photo is also churning out AI grift books. In the last few years, AI-generated books have flooded Amazon’s self-publishing offerings, especially, with books containing dangerous misinformation and messy errors taking over the platform. AI-generated books are also making librarians’ jobs hell.
Elias has also escaped to the Youtube slop world: in one video from the channel Moments That Moved the World, a slop-illustrated story features the plight of “83-year-old Sergeant Major Elias Thorne.” On the AI slop site Wonderful Museums, “Snake Museum Owner Shot By Wife: Unpacking the Tragic Incident at Thorne’s Reptile Sanctuary” spins Elias Thorne’s story as a man shot by his wife. On another slop site called Tatticle, the “wealthiest man in Ohio,” Elias Thorne, died “with exactly twelve dollars in his pocket.” In these stories, Elias is usually a tragic figure, an aggrieved and unfairly-treated old man. He’s a similar character in a short story published by the BBC as a finalist in its 2024/2025 children's writing competition—but Elias is a real name, and could feasibly still be the subject of a human-written story (and there have been no accusations of the BBC’s children’s writing competition being infiltrated by AI slop).
But with all the world’s literature as its training data, why do LLMs seem to default so often to the lighthouse? It comes down to how model makers try to safety-align and sanitize their outputs. “We found many stories in WildChat are not safe for work. This led us to hypothesize that models going through alignment are preferring a small slice of WildChat stories, like a bottleneck,” Hamilton said. “It isn't that Elias stories are frequent, but that they're just so safe.” He said the researchers plan to explore this theory further in future research.
As for Elias, there is one example I’ve found of him existing pre-generative AI, as a time traveling mad scientist in the 1980’s trading card series Dinosaurs Attack!. And a real-life Elias that comes close to the stories told by LLMs did actually exist, Hamilton found—Elias Allen was a 16th century clockmaker in London.
For months during the summer of 2024, Jarmarus Brown, an Orange City, Florida police officer, ran his ex-girlfriend's license plate through the Flock automated license plate reader (ALPR) system lookup database at least 69 times. He searched for the license plate belonging to her mom at least 24 times, and searched for the license plate belonging to her dad at least 15 times. Brown’s searches were happening so often, and were so commonplace, that even one of his colleagues noticed Brown researching his ex-girlfriend's whereabouts while the law enforcement officers sat in their police cruisers, according to court records obtained by 404 Media.
“While they were sitting there, Officer [Shadrich] King noticed Jarmarus was on the Flock system and a license plate reader image of [Brown’s ex-girlfriend] was on the screen,” a police affidavit about Brown’s behavior obtained by 404 Media reads. “Officer King said he mentioned to Jarmarus that he needed to stop running her vehicle in that system because he could get in trouble. Jarmarus responded saying that he knew that, and he was going to stop.” Flock’s automated license plate readers document every car that drives past them, creating a broad network of people’s movements around the country. Police can then look up license plates to learn where a specific car and, by extension, person, has traveled over time.
On another occasion, Brown told King that he believed his ex was lying about her whereabouts. She “told Jarmarus she was at her house with her mother, but Jarmarus knew for a fact she was not. When questioned by Officer King as to how he knew for a fact she was lying, Jarmarus said he used the Flock system and saw that her vehicle was elsewhere,” the affidavit reads. “Jarmarus then asked Officer King if he wanted to join him on a ‘stakeout’ to try to see where her vehicle was located.”
According to Brown’s ex-girlfriend, while they were dating he would “constantly require [her] to either be on FaceTime with him or be on the phone with him, even while she was working […] Jarmarus would try to control aspects of [her] life, such as the amount of makeup she would wear and the length of her fingernails.” According to the affidavit, Brown’s stalking extended beyond license place lookups; at one point while they were dating, he put an Apple AirTag in her wallet. But the bulk of his surveillance came through Flock, the affidavit says, noting that he kept “randomly showing up at the places she was at.”
The affidavit states Brown told investigators that “he would occasionally run her tag through Flock to track her whereabouts” because he believed she was lying to him. “It was dumb as hell on my end, emotions flowing, mind going,” he told investigators. The investigators ultimately determined Brown “knowingly and intentionally accessed the password protected computer systems, Flock and DAVID [a Florida DMV vehicle information database], to run the license plates of vehicles [she] frequently drove, for his own personal reasons. There was no work related, justifiable, reasons to do so, other than to track [her] whereabouts.” Brown was ultimately charged with stalking and hacking-related charges; he served one day in prison and was sentenced to five years of probation.
Brown’s case was not a one-off. Local news reports from around the country repeatedly detail police abusing the Flock surveillance systemic order to stalk their partners or ex-partners. The contours of each story are much the same, with the police officer in question using their access to the system to repeatedly track a specific person over the course of weeks or months. The cases highlight the fact that Flock can be used to track the whereabouts of individual people, that police do not get a warrant in order to use the system, and that, if they have access to the system, they have the technical ability to look up any license plate they want for any reason they want. An April study by the civil rights group Institute for Justice found that at least 18 police officers have been caught around the country using Flock to stalk a romantic interest in the last few years; another database, called the ALPR Abuse Library, has documented 20 specific cases of “stalking/targeting” around the country.
The known cases of police stalking are almost certainly a vast underreporting of the overall abuse, because they largely include only cases in which the behavior was so egregious that it led to police officers being fired, arrested, or both.
Flock told 404 Media that it is “aware of 15 incidents of abuse, each surfaced because of the transparency and accountability features deliberately built into our platform.”
“There are also 140,000 monthly active users of Flock, so the relatively rare instances of abuse, while obviously wrong and awful, are exactly that—rare,” a Flock spokesperson told 404 Media. “Humans are fallible; unlike most tools society provide law enforcement, Flock ensures that in the instances when our technology is misused, the evidence used to hold responsible parties accountable, is right there in our system. We also encourage all our customers to have a usage policy, regular training, and to implement our Audit Assistance tool, which proactively flags unintended use.”
💡
Do you know anything else about Flock? I would love to hear from you. Using a non-work device, you can message me securely on Signal at jason.404. Otherwise, send me an email at jason@404media.co.
It is definitely the case that Flock’s audit tools have proven useful in holding police accountable, because journalists, activists, and concerned citizens from around the country have pored through Flock audit logs that they have obtained through public records requests to document abuse. But it is also the case that Flock has strenuously fought against lawsuits and potential regulations that are seeking to require police to get a warrant to use the system. And many cases of abuse have not been detected by police departments themselves but by those private citizens, journalists, and stalking victims who have found patterns of abuse in public records files they have obtained from their local police departments. In most cases of Flock-related stalking reviewed by 404 Media, the abuse occurred over the course of months or years, and the victims were subjected to dozens or hundreds of lookups.
Other abuse cases have been discovered using the website HaveIBeenFlocked.com, a website that compiles Flock searches released via public records requests and turns them into a searchable database. Flock has repeatedly tried to get that website taken down, as we have previously reported.
In Wisconsin, a stalking victim checked her own license plate on HaveIBeenFlocked.com and learned that City of Milwaukee Police Officer Josue Ayala had searched her license plate more than 100 times. After reporting this alleged abuse to the police, the agency ran its own audit and learned that Ayala had also searched the license plate of a second victim 124 times in a two-month span last year, according to court records. Each time, Ayala simply listed “investigation” as the reason for his search. In another alleged abuse case in Idaho, the police chief used Flock to allegedly stalk his wife using the reason “test” in the Flock system.
A citizens’ anti-surveillance organizing group, called Deflock Joplin, found anomalous searches by a police officer in Joplin, Missouri, last year. Using Flock audit logs they obtained using a public records request, they found one single license plate that was searched by one specific police officer 395 times in a 10-month span in 2025; they found that a second plate had been searched 147 times (the police officer’s name was redacted in the records).
“The activity presented here is startling and damning,” Deflock Joplin wrote in a blog about its investigation. “One user's account at JPD has surveilled people for around a year without detection. We see no conceivable way the Joplin Police Department is auditing these logs. This activity was blatant and obvious if anyone had bothered to take a look. We were able to find this data, file records requests, create a website, and share them in our spare time […] This system must be removed or severely curtailed to protect residents and their privacy.”
Soon after Deflock Joplin shared its findings with the city, the police officer in question was fired: “During that investigation, it was found that this single Joplin Police Officer did violate the policy regarding department equipment and systems,” the city wrote in a press release. “Any misuse of the Flock system or any other Joplin Police resource will not be tolerated, and discipline will be administered swiftly and in accordance with policy.”
In Orange City, Florida, Brown’s ex suspected she was being stalked and spoke to a friend within the police department, who told her that Brown “used law enforcement databases to track her whereabouts.” She then made a stalking complaint, which started the investigation, according to the affidavit.
In Coffee County, Georgia, officer Chris Rozar was charged with eight crimes, including computer invasion of privacy, prohibited use of captured license plate data, and stalking, because he allegedly “did knowingly misuse the Coffee County Sheriff’s Office Flock Law Enforcement Camera System and Tag Reader System […] for the purposes of stalking,” and that he “did follow, track, and surveil [the victim] throughout multiple locations in Coffee County, without the consent of said person, for the purpose of harassing and intimidating said person.” This case, too, was not discovered through Flock’s auditing tools: “The investigation began about two years ago after a woman came forward with allegations that Rozar had [been] stalking her,” a press release about Rozar’s arrest reads.
In Bonner Springs, Kansas, a police officer allegedly used Leonardo-brand license plate reader cameras to stalk his ex wife as part of a horrifying and extensive hacking and spying campaign; the officer was also found to have beastiality and child sexual abuse material on his devices.
There are morethan a dozen other cases from around the country where the story is much the same; a police officer stalks their partner or an ex for months before ultimately getting caught and fired or arrested. These cases repeatedly show that, because there are few limits on what police can use Flock for, they are often able to abuse the system for months or years before being caught.
Many of the known cases of police abuse were only discovered after the victim reported being stalked or after data crunching by journalists or local government transparency groups; many of the cases of abuse happened over the course of months. 404 Media is also aware of several instances in which an officer improperly used Flock and was simply warned or made to take leave, which did not rise to the level of being arrested or fired. 404 Media is also aware of at least one case that has not yet been reported in the media; in Dunwoody, Georgia, several police officers were fired or made to resign for improperly researching people through the Georgia Crime Information Center, a state database. At least one of the fired officers also improperly searched the city's Flock cameras, according to an internal investigative report shared with 404 Media by Jason Hunyar, a Dunwoody resident who has been investigating Flock. Dunwoody has a very close relationship with Flock and the company used Dunwoody as a demonstration for other police departments during sales pitches until Hunyar discovered that the company was accessing cameras in a children's gymnasium during these sales pitches.
“The fundamental problem with these systems is that they place private information about people’s movements over time in the hands of every officer,” Michael Soyfer, an Institute for Justice attorney, said in the organization’s report. “Without the constitutional safeguard of a warrant requirement, that predictably allows officers to abuse their access to these systems for things like stalking romantic partners.”
Amazon founder Jeff Bezos believes that artificial intelligence is going to lead to unprecedented productivity gains which could result in cheaper food, housing, and two income households deciding that they no longer need two incomes. Internally, Amazon employees mock the company’s AI tools, refer to its output as “slop,” and joke about the company’s failed attempt to motivate employees to use AI tools effectively.
The memes are yet another example of the contrast between what AI companies say in public about its potential power and benefit versus the reality of how the people who help create these AI tools use and criticize them internally. Amazon employees told me about these memes after they saw my story last week about Google employees also internally sharing memes critical of Google’s AI tools.
“Now I have everything I need,” says the text over an image of a jet taking off in one meme posted by an Amazon employee. The jet is edited to carry the purple ghost logo for Kiro, Amazon’s AI-powered coding tool. “Narrator: He did not have everything he needed,” says the text over an image of a bunch of people left behind on the tarmac. I've recreated all the memes rather than share screenshots from the Slack channel in order to protect sources.
“Kiro: ‘Confirmed I have the full picture,’” says the text over an image of an iceberg that appears small above water but is hiding a huge mass underwater in another meme posted by an Amazon employee.
One meme just showed Kiro’s logo, as well as an image of a bee and a lion implying that Kiro be lyin’.
Another meme just shows Cillian Murphy’s face as Robert Oppenheimer in the movie Oppenheimer, surrounded by logos of AI coding tools like Amazon’s Kiro, Anthropic’s Claude Code, and an AI agent called Meshclaw. The text on the image simply reads “Sloppenheimer.” The meme apparently refers to the fact that Amazon employees have been encouraged to use all of these tools at some point.
For this story, I talked to multiple Amazon employees who asked to remain anonymous because they were not authorized to speak to the press. They said that this discussion is mostly taking place on a company Slack channel called #actual-aws-memes. While most of the memes I saw were critical of AI, one Amazon employee told me that there’s a “spectrum” of opinions shared in the channel.
💡
Is your company internally criticizing the same AI products the company is publicly advertising? I would love to hear from you. Using a non-work device, you can message me securely on Signal at @emanuel.404. Otherwise, send me an email at emanuel@404media.co.
“Actual-aws-memes is a place to blow off steam so it skews negative, but I'd say the genres of most are ‘Oh boy, we get to use Claude Code now instead of Kiro,’ ‘Earnest Kiro user complaining about its limitations,’ and some genuine frustration with corporate policy,” The Amazon employee told me. “I'm an AI hater, so I prefer to think they agree with me, but there's more of a spectrum than that.”
Another Amazon employee told me that the anti-AI memes started around the end of 2024 and the start of 2025, “when [AI] adoption started to get really forced by leadership.”
"I think people meme about anything they're around a lot, and obviously AI is a common topic," Another Amazon employee told me. "Of course it doesn't help that leadership is definitely pushing AI so there's probably some element of backlash."
A few of the recent memes shared in the channel directly reference the fact that Amazon had just shut down an internal leaderboard which tracked how much Amazon employees were using Kiro. In an official internal statement and in comment to 404 Media, Amazon said it had shut down the leaderboard because it had achieved its goal of motivating and teaching people to use AI tools. However, Amazon employees told 404 Media that management decided to shut down the leaderboard because people were cheating by tasking Kiro with completing unnecessary tasks and because it was resulting in wasteful, expensive AI use.
“When they shut down the leaderboard, there was a lot of [discussion in the slack channel] ‘Well, yeah, what did you think was going to happen when you incentivized people to drive up usage,’” the Amazon employee told me.
One Amazon employee shared an image of the “stonks” going down meme and said “AI usage after the PTI incentives goes away.”
One Amazon employee shared a fake certificate for a “participation award” to AWS and Goodhart’s Law for “cheesing a leaderboard we probably should have known you would cheese.” Goodhart’s law is the adage that “when a measure becomes a target, it ceases to be a good measure,” which is what some Amazon employees thought was the effect of the leaderboard. Amazon measured and rewarded AI use, so employees used a lot of AI, but not in a way that produced any value.
Another meme referencing the leaderboard and several Amazon AI products like Ask Rufus, Amazon Q, and Amazon Nova asked “What do you mean by ‘value?’ AI itself is the purpose for everything, no?”
One Amazon employee told me that he saw Amazon employees in the chat discussing how to cheat the leaderboard.
“I saw some of that, mostly the occasional ‘you know, it'd be really easy to set up a shell script to do this’ or ‘my cron job that calls Kiro every hour or so.’ Hard to tell if it was actual planning or just engineers noticing how easy it would be to cheat the system,” another Amazon employee told me.
In an email, Amazon told me that the negative AI comments on Slack are just from a few individuals and don't represent the perspective of the company or the vast majority of employees.
"We’re always looking to understand our teams’ experiences with various tools – that’s how we learn what works for them and what doesn’t – and while this handful of comments doesn't reflect what we hear from most Kiro users, we still appreciate the chance to learn from the feedback," Amazon said. "In general, we’re seeing incredible improvements in efficiency and delivery from Kiro, which more than 80% of our software developers use. Kiro offers differentiated capabilities that other tools don't provide, particularly in spec-driven development and property-based testing. These aren't just incremental improvements—they represent a fundamentally different approach to AI-assisted development that prioritizes production readiness and correctness.”
‘Caffè’ in Italian. ‘Kaffe’ in Swedish. Across seemingly contrasting cultures, the word for ‘coffee’ carries the weight of ritual, social connection, and daily pleasure. In Stockholm, Nespresso’sVertuo World pop-up found its footing between these two deeply expressive traditions: Sweden’s culture of fika and Italy’s espresso-bar ritual.
While the brand has been part of this at-home ritual for decades, Nespresso enters a more expressive era with the launch of its new Vertuo World campaign and the introduction of the Vertuo Up machine. Nespresso recently transformed Francesco, one of Stockholm’s most talked-about Italian restaurants, into an immersive pop-up café for two days. Located on Södermalm and known for its younger, culturally engaged audience, Francesco offered the ideal setting for a brand experience built around the ways coffee is increasingly staged, shared, and folded into contemporary lifestyle culture.
The activation translated Vertuo World’s larger campaign premise—that every cup of coffee opens a new world—into a distinctly local, design-forward experience. Across the global campaign, Nespresso moves through a series of visual worlds shaped by coffee, culture, and time of day, from a slow New York morning with Melozio to an afternoon Altissio espresso in Italy, an iced Double Espresso Chiaro by the pool, and a French Lavender & Vanilla Decaf to close the day. The campaign leans into curiosity, travel, creativity, and the question of “What else?” as an invitation to explore coffee beyond routine.
In Stockholm, that sense of exploration was given physical form. Francesco was reimagined through a palette of green and deep purple that reflected Nespresso’s new brand direction, while sculptural furniture, curated materials, and carefully selected Louis Poulsen lighting grounded the environment in a Scandinavian design context. Rather than relying on a fully temporary build-out, the concept showed how an existing café can be transformed into a branded destination through atmosphere, materiality, and carefully orchestrated details.
The menu became part of the experience as well. Francesco’s founder and chef, originally from Napoli, created a signature iced pistachio coffee exclusively for the pop-up, combining Nespresso coffee, pistacchio, ice, whipped cream, and finely chopped pistachios. Inspired by Southern Italian flavors and reinterpreted through a modern coffee lens, the drink became one of the activation’s most shared elements, alongside custom Nespresso-branded maritozzi.
“It’s more than a campaign, but a new way of experiencing coffee. We want to inspire people to think differently about their coffee moments, more creatively, more socially, and more personally,” says Petra Dahlman, Nordic Marketing Director at Nespresso.
The activation also speaks to a broader shift in Scandinavian coffee culture. While more than 80 percent of adults across the region drink coffee daily, Nespresso notes that habits are changing, particularly among younger audiences drawn to iced coffee, slower mornings, intentional routines, and social micro-communities.
In this context, Vertuo World positions coffee as a designable experience—one that can move between comfort and novelty, hot and iced, private ritual and public performance.
Microsoft has shut down a wave of its own repositories on GitHub, including those related to Azure and AI coding agents, as it investigates a data breach, according to research from cybersecurity researchers and a statement given to 404 Media by Microsoft. Hackers planted malware that would harvest peoples’ credentials when they opened it in AI coding tools like Claude Code or Gemini CLI, according to one set of researchers.
The exact contours of the breach are unclear, but researchers say Microsoft has disabled more than 70 of its own repositories, and pointed to a particular package that was previously compromised.
“We have temporarily removed some repositories as we investigate potential malicious content,” Microsoft told 404 Media in an emailed statement on Monday.
At the time of writing, various GitHub repositories reads:
“This repository has been disabled. Access to this repository has been disabled by GitHub Staff due to a violation of GitHub's terms of service. If you are the owner of the repository, you may reach out to GitHub Support for more information.”
Last week, cybersecurity website OpenSourceMalware.com, which acts as a clearing house for indicators of supply chain attacks so defenders can secure their own networks, and which also publishes its own write-ups, wrote about the mass disabling of Microsoft GitHub repositories.
“GitHub disabled 73 Microsoft repositories across four of its GitHub organizations—the entire Azure Functions org, the whole Durable Task family, and a row of AI sample apps—in a 105-second sweep on June 5,” the website wrote on Friday.
Is it very unusual for any company, let alone Microsoft, to disable so many of its own repositories in one go. They include 49 related to Azure, Microsoft’s cloud computing arm, and some concerning AI agents.
Researchers from StepSecurity wrote on Friday that the GitHub closures came after a malicious commit was pushed to the durabletask repository. That attack planted configuration files that would harvest peoples’ credentials when they opened the repository in Claude Code, Gemini CLI, Cursor, or VS Code, StepSecurity wrote.
Hackers from the group TeamPCP previously compromised Microsoft’s durabletask, publishing three malicious versions of the tool in May. TeamPCP has performed a wealth of supply chain attacks in the first half of this year, impacting hundreds of organizations, WIRED reported.
In practice, this means that any GitHub actions that used those repositories will no longer function. And coupled with the statement and research, indicates Microsoft did not fully protect itself and its users after the earlier compromise.
“Why is this mentioned nowhere?” one commentator on a Microsoft forum thread discussing one of the repository closures writes.
Log in
