Clinejection: How a GitHub Issue Compromised Cline's Entire NPM Supply Chain
TLDR: Cline's own AI support bot was weaponized against them — an attacker fed it instructions through a public GitHub issue, it complied, and the result was malicious software shipped to over a million weekly users. They didn't breach the system. They gave the AI instructions through a public channel, and it executed them. The bot didn't have direct access to publishing credentials. It corrupted the infrastructure that did. Cline is one of the most popular AI coding tools in the world. Their GitHub repo runs an AI bot that automatically reads and responds to incoming issues — helpful for triage at scale. Someone figured out that if you craft the right issue title, the bot doesn’t just read it. It follows it. ...