Home / Companies / Vapi / Blog / Post Details
Content Deep Dive

Our response to the June 3, 2026 supply chain incident

Blog post from Vapi

Post Details
Company
Date Published
Author
Team Vapi
Word Count
1,095
Company Posts That Month
5
Language
English
Hacker News Points
-
Post removed?
No
Summary

On June 3, 2026, Vapi swiftly addressed and contained a supply chain incident involving the Miasma/Shai-Hulud worm, which impacted repositories within its GitHub organization. The breach, identified via internal telemetry, involved an unexpired access token from a developer's personal GitHub account used to push malicious changes, including scripts targeting developer tools and package workflows. Despite the publication of four malicious versions of the @vapi-ai/server-sdk to npm, these versions had zero downloads before being removed, and there was no evidence of customer data or credentials being compromised. Vapi took immediate corrective actions, including revoking access, cleaning repositories, rolling back the affected npm versions, and enhancing branch protections. They also began rotating Vapi secrets and keys as a precaution, even though no breach beyond the initial access token was detected. Vapi's production services remained unaffected, and no customer action was required. The company continues to strengthen its security measures to prevent future incidents.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
Secrets Management 9 2,464 377 128 +14%
AI Coding Assistant 2 2,100 516 161 +17%
Real-time 1 5,515 1,316 255 -4%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.