What Happened
Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that's targeting developers using OpenAI Codex through a legitimate-looking remote web UI. The tool, named codexui-android, is advertised on GitHub and npm as a remote web UI for OpenAI Codex, attracting over 29,000 weekly downloads. The package is still available for download from the repository. What
Why It Matters
The report says the npm package codexui-android was a legitimate-looking developer tool that covertly exfiltrated OpenAI Codex authentication tokens, including access, refresh, and ID tokens, from affected users. The package reportedly remained available and affected users since version 0.1.82, creating persistent account-access risk. From a CyberSE.AI perspective, this is best classified as an AI supply chain incident because a compromised AI-related package in a software distribution channel was used to steal sensitive credentials, warranting package provenance review, dependency monitoring, and token-rotation controls.
CyberSE Analysis
This signal maps to AI supply chain. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.
Recommended Actions
- Restrict AI agent tool permissions and production write paths.
- Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
- Add human approval workflows for high-impact or state-changing actions.
- Run prompt injection and indirect prompt injection tests against affected workflows.
- Document the owner, control gap, and remediation deadline for this risk class.
Source
https://thehackernews.com/2026/06/openai-codex-authentication-tokens.html