Secnora INC
InfoSec Consulting + IT Security Training + Penetration Testing + Computer Forensics
06/02/2026
🛡️ August 2, 2026 is the next major enforcement date under the EU AI Act.
Most teams are tracking it for high-risk systems. Fewer realise the same date triggers Article 50 transparency obligations, and those apply to any AI system that interacts with people, generates content or uses biometric data, whether or not it's high-risk.
No disclosure when a user talks to your chatbot? Violation.
Emotion recognition with no transparency notice? Violation.
And these breaches aren't a footnote - they sit in the €15M / 3%-of-turnover penalty tier.
This carousel breaks down what Article 50 actually requires, what your team needs in place before August 2 and how existing frameworks like NIST AI RMF already get you part of the way there.
➡️ Swipe through, then check where your organisation actually stands. The deadline isn't the hard part - not knowing what to do is.
05/21/2026
🚨 𝗚𝗶𝘁𝗛𝘂𝗯 𝗖𝗼𝗻𝗳𝗶𝗿𝗺𝘀 𝗕𝗿𝗲𝗮𝗰𝗵: ~𝟯,𝟴𝟬𝟬 𝗜𝗻𝘁𝗲𝗿𝗻𝗮𝗹 𝗥𝗲𝗽𝗼𝘀𝗶𝘁𝗼𝗿𝗶𝗲𝘀 𝗕𝗿𝗲𝗮𝗰𝗵𝗲𝗱 𝘃𝗶𝗮 𝗣𝗼𝗶𝘀𝗼𝗻𝗲𝗱 𝗩𝗦 𝗖𝗼𝗱𝗲 𝗘𝘅𝘁𝗲𝗻𝘀𝗶𝗼𝗻
GitHub has officially confirmed a major security breach resulting from a targeted cyberattack, revealing that threat actors successfully exfiltrated data from approximately 3,800 internal code repositories. The incident highlights an increasingly sophisticated trend of targeting developer environments to bypass robust corporate network defenses.
🔍 𝗪𝗵𝗮𝘁 𝗛𝗮𝗽𝗽𝗲𝗻𝗲𝗱
GitHub detected the breach on 19 May 2026 and went public a day later. GitHub said it "detected and contained a compromise of an employee device involving a poisoned VS Code extension", referring to a malicious plug-in for the popular Visual Studio Code editor, the entry point that gave attackers access to internal repos.
👥 𝗪𝗵𝗼 𝗖𝗹𝗮𝗶𝗺𝗲𝗱 𝗜𝘁
TeamPCP, a financially motivated cybercrime group tracked by Google Threat Intelligence as UNC6780, has claimed responsibility. The group listed GitHub's stolen source code and internal organisation data for sale on a cybercrime forum with an initial asking price of over ~$95,000, specifying this is a direct data sale rather than a traditional ransomware extortion scheme.
🛡️ 𝗚𝗶𝘁𝗛𝘂𝗯'𝘀 𝗥𝗲𝘀𝗽𝗼𝗻𝘀𝗲
GitHub immediately removed the malicious extension version, isolated the affected device and activated its incident response procedures. The platform also spent the night rotating high-impact credentials and cryptographic keys to revoke the threat actors' access. GitHub said it has "no evidence of impact to customer information stored outside of GitHub's internal repositories", though the investigation is ongoing.
📈 𝗧𝗵𝗲 𝗕𝗶𝗴𝗴𝗲𝗿 𝗣𝗶𝗰𝘁𝘂𝗿𝗲
TeamPCP has compromised Trivy, Checkmarx, Bitwarden CLI, TanStack and now GitHub, all in 2026, all through developer tooling. The pattern is clear: attackers are targeting developer workstations as the path of least resistance into supply chains.
💡 𝗧𝗵𝗲 𝗧𝗮𝗸𝗲𝗮𝘄𝗮𝘆
• The Single Point of Failure: A single malicious VS Code extension installed on just one employee's workstation was all it took for threat actors to compromise internal GitHub repositories.
• The Reality of Modern Dev Workflows: Almost every engineering team heavily relies on IDE extensions to boost productivity, making this a widespread, systemic vulnerability across the industry.
• Audit and Inventory: It is critical to immediately audit all installed extensions across your development team to identify unauthorized, outdated or unverified tools.
• Restrict and Whitelist: Establish a strict security policy that limits installations exclusively to vetted, trusted publishers within official marketplaces.
• Secure the Workstation: Developer endpoints are critical assets; securing local environments is now as important as securing production infrastructure.
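One way to run the audit and allowlist steps above on a workstation, as an added example that is not part of the original post: it checks the output of `code --list-extensions --show-versions` against a policy file. The allowlist format, the function names and every extension name and version in the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag installed VS Code extensions that are not on an allowlist.
# Allowlist entries (hypothetical policy file; '#' starts a comment):
#   publisher.name         any version of that extension
#   publisher.name@1.2.3   only that exact version
#   publisher.*            every extension from a vetted publisher
# stdin: "publisher.name@version" lines, as printed by
#   code --list-extensions --show-versions
audit_extensions() {
  awk -v allow="$1" '
    BEGIN {
      while ((getline line < allow) > 0) {
        sub(/#.*/, "", line); gsub(/[ \t\r]/, "", line)
        if (line == "") continue
        line = tolower(line)            # IDs are compared case-insensitively
        if (line ~ /\.\*$/) { sub(/\.\*$/, "", line); publisher[line] = 1 }
        else if (split(line, p, "@") == 2) pinned[p[1]] = pinned[p[1]] " " p[2] " "
        else anyver[line] = 1
      }
    }
    {
      gsub(/[ \t\r]/, ""); if ($0 == "") next
      n = split(tolower($0), part, "@"); id = part[1]
      ver = (n > 1 ? part[2] : "?")
      pub = id; sub(/\..*/, "", pub)    # publisher = text before first dot
      if ((id in anyver) || (pub in publisher)) next
      if ((id in pinned) && index(pinned[id], " " ver " ")) next
      tag = (id in pinned) ? "VERSION_MISMATCH" : "UNLISTED"
      print tag " " id "@" ver
      bad = 1
    }
    END { exit (bad ? 1 : 0) }          # non-zero exit fails the audit job
  '
}

# Constructed sample data (not real extensions or versions).
demo_audit() {
  allow=$(mktemp); status=0
  printf '%s\n' 'acme.linter' 'contoso.formatter@2.1.0  # pinned' \
    'fabrikam.*' > "$allow"
  printf '%s\n' 'acme.linter@4.0.2' 'contoso.formatter@2.1.1' \
    'Fabrikam.yaml-tools@1.0.0' 'unknown-pub.theme-pack@0.0.3' |
    audit_extensions "$allow" || status=$?
  rm -f "$allow"
  return "$status"
}

demo_audit || echo "audit failed: unapproved extensions present"
```

On a real workstation the same function is fed with `code --list-extensions --show-versions | audit_extensions /path/to/allowlist.txt`; a missing allowlist file flags every extension, so the check fails closed.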
Address
2451 West Grapevine Mills Circle, Suite 211
Grapevine, TX
76051
Opening Hours
| Monday | 9am - 5pm |
| Tuesday | 9am - 5pm |
| Wednesday | 9am - 5pm |
| Thursday | 9am - 5pm |
| Friday | 9am - 5pm |
| Saturday | 9am - 5pm |