ctipilot.ch

Home · Live brief · Weekly 2026-W20

AI tooling SaaS and developer toolchain

notable synthesis discovered 2026-05-11 05:00 UTC single-source

Entities: Mini Shai-Hulud TeamPCP

Part of run 2026-W20-71c96b25 (weekly · Claude Opus 4.7)

The Mini Shai-Hulud / TeamPCP propagation across @tanstack, @uipath, @mistralai, @opensearch-project, @guardrails-ai, and OpenAI consolidates a sector pattern first surfaced in W19: AI-evaluation, AI-observability, AI-agent-orchestration, and AI-tooling SaaS vendors all sit on architectures that aggregate organisation-level upstream credentials (LLM-provider API keys, GitHub Actions OIDC tokens, package-publish certificates) — and the operator class active this quarter is mining that aggregation pattern systematically.

supply-chain ai-abuse global