Zapier Responsible for Biggest AI Cyber Attack in History

Zapier claims to be "the most connected AI orchestration platform". I'm not sure if they mean the world or Kansas, but I guess we should assume the world. The last couple of days they've acquired another world record, of the more dubious kind. Basically, it seems they're (allegedly) responsible for the single largest cyber attack in AI history.

Thanks to the simplicity Zapier gives developers building workflows, they have executed roughly 364 million workflows so far, according to their own website. That number might unfortunately end up looking "small" next to the number of machines now facing serious problems because of Zapier. Let me explain ...

Shai-Hulud is the name of an NPM-based worm attack that is currently unfolding. The first publicly visible victim was a machine belonging to Zapier, although that was probably just its first target, so don't send the FBI to Zapier just yet. From there the worm spread through Zapier's NPM packages: every machine that installed or upgraded one of those packages after the malicious versions were published ran the worm's install-time script. Machines that last installed them before the infection happened at Zapier's end were not hit by that install alone, I assume.

On each infected machine the worm harvests GitHub tokens and other secrets and publishes them to a randomly named GitHub repository, and it uses whatever NPM publishing credentials it finds to push infected versions of the packages that machine's owner maintains, which is how it keeps spreading. So far Postman has been compromised, Zapier is compromised, and probably 90% of all "AI software" world wide - minus AINIRO, may I add.

At least 492 packages have been affected so far, with a total count of 132 million weekly downloads

Such "downloads" are not individual end users; they are mostly automated build systems, plus individual developers working on their own software. If a developer installs one of the infected versions of Zapier's packages (or any of the other infected packages), that developer's GitHub tokens and secrets are exfiltrated, and every package they are able to publish becomes a possible source of future infections. Implying we've only seen 0.000000001% of the "shitstorm" we'll probably end up seeing as a result of this. Those 132 million weekly downloads might very well turn into 8 billion weekly downloads, at which point your mom's toaster is going to have issues because of this, in addition to your dad's Tesla (duh!) ...

For the record, I have checked, and we're not using any of the infected packages in Magic Cloud, and none of our customers have been exposed in any way whatsoever because of this. However, due to Zapier's "nature" of being a component vendor for other AI automation companies, it is now safe to assume that the following statement might possibly be true ...

99% of ALL AI software world wide is now infected, except AINIRO's solutions of course

... which is why it's a little bit difficult for me to hold back my humorous tone related to this 😂

You see, we couldn't imagine ourselves ever using Zapier, because we are a competitor to Zapier. This implies if you're now scared shitless because you just implemented Zapier's workflows in "a bajillion" AI agents running JavaScript on "a bajillion" end user machines, I might actually have just what you need, and I'm willing to sell it to you for $98 per month 😊

Hyperlambda

Hyperlambda is an alternative to Zapier, so for us to use Zapier would be equivalent to having Steve Jobs use Windows. Hyperlambda can integrate with Zapier, but it does so over HTTP APIs, not NPM packages. In fact, we don't have a single integration in our systems built on NPM. We do use NPM in our dashboard frontend, but it has come up clean so far, and we're of course prepared now to make sure it never becomes a problem.

However, literally 99% of our competitors are using either Python or NodeJS, through LangChain and n8n, to deliver their AI platforms. Since I already proved earlier today that LangChain is useless for more than 2 concurrent users, the only real contender I was left with was n8n.

n8n, in turn, is built on TypeScript and uses NPM as its primary packaging system. Since at least three n8n community-node packages have been infected so far, specifically @hapheus/n8n-nodes-pgp, n8n-nodes-tmdb and n8n-nodes-viral-app (pun!), this implies that probably every single AI software vendor using these packages has also been infected. Resulting in that literally ...

AINIRO's Magic Cloud is now THE ONLY functioning AI platform left standing

I couldn't have made up this shit if I tried. In fact, this is such a "convenient day" for me, I should probably be on their list of suspects ... 😂

But I promise; It wasn't me, I just can't stop laughing though ... 😂

Thomas Hansen

I am the CEO and Founder of AINIRO.IO, Ltd. I am a software developer with more than 25 years of experience. I write about Machine Learning, AI, and how to help organizations adopt said technologies. You can follow me on LinkedIn if you want to read more of what I write.

This article was published 24. Nov 2025

AINIRO.IO Ltd is an independently owned company in Cyprus, 100% owned and operated by Thomas Hansen, and that's how it stays!

Copyright © 2023 - 2025 AINIRO.IO Ltd