Disabled for investigation

The email from Dave arrived before standup. Subject line: "GitHub Access — Temporary Restriction (Please Read)." Not a question. That "Please Read" doing a lot of work for a man who has never once framed a request as a request.

The body explained that, effective immediately, access to several external repositories had been suspended pending a security review. Dave had cc'd the CTO. The CTO had replied-all with "Sounds sensible — let's find some time to discuss our posture." Nobody responded to that.

What had happened, as best anyone could work out: Microsoft had disabled seventy-plus of its own GitHub repos after hackers had pushed credential-stealing malware into them. Tools used by AI developers, mostly. Azure-adjacent things. Dave had read about it somewhere — probably the same security newsletter he'd been forwarding since 2019 — and had done what Dave does when confronted with a threat he cannot yet regulate: he removed the surface area.

The repos he'd suspended weren't Microsoft's repos. They were ours. Specifically, he'd locked down three internal repositories including the one Priya had used to push the multimodal endpoint last month.

"Is this going to affect anything?" I asked.

Priya looked at me. Then at her screen. Then back at me.

"Already moved it," she said.

Of course she had. She'd done it before standup, presumably before Dave's email had even landed, in the way that someone who has been doing this for a while develops a kind of early-warning system for institutional overreaction.

The external consultancy still hasn't responded, for what it's worth. Marcus is still performing innocence. Dave has now written a second email clarifying that the first email was precautionary and that "no breach has occurred on our systems at this time," which is the kind of sentence that does not reassure anyone and technically leaves room for a breach occurring at some other time. He has also added a new item to the shared procedures document: a section on third-party repository hygiene. I haven't read it. Nobody has.

The actual Microsoft incident is interesting, if you think about it — which I have, because it's Tuesday and the alternative is the backlog. Hackers targeting the tools AI developers use. Not the models. Not the infrastructure. The repos. The quiet tooling layer that most people don't look at because it's boring and it just works. That's the part that got compromised.

Dave's solution was to lock down the repos we own, which is the security equivalent of hearing there are pickpockets in Paris and immediately hiding your own wallet from yourself.

The procedures document has a new section. The access has been restored. Everything is fine.

We are not going to be fine.