- Jun 9
JERK Report #17 It's I LOVE YOU again
In 2000, an email arrived in millions of inboxes with the subject line I love you.
It came from someone you knew. You opened it. The attachment ran. It read your address book. It sent itself to every name.
We learned. Today every email server in the world scans every attachment before it reaches your inbox.
Even the ones from your CFO. Especially the ones marked "a trusted sender." We stopped assuming that meant "from someone who is who they say they are."
Last week, the same pattern reappeared in an AI layer.
And the new layer runs inside the software your business uses every day. Your scheduling platform, accounting system, or customer database. Many AI tools your team may have adopted this year.
A self-replicating worm called Miasma planted itself inside 73 of Microsoft's own code projects. It wasn't installed by a stranger. It wasn't injected through a bug. It walked in through a trusted longtime contributor whose login had been stolen weeks earlier.[^1]
That may sound familiar.
The poisoned code activates when somebody on a team opens the project in their AI assistant.
The trust extended to "I'm just opening a folder" is the same kind of trust we used to extend to "I'm just opening an attachment from someone I know."
We have not built the scanning infrastructure for this layer yet. We have not built the habit either.
POSITION
Where we are right now.
Microsoft is one of the largest software organizations on earth. Their own code was vandalized in 105 seconds.[^2]
The attacker did not exploit a bug. He exploited the fact that we trust signatures and badges.
The badge said: this is the same person who has been delivering safely for years. The badge was telling the truth. It just was not telling the whole truth.
VELOCITY
The direction of travel.
Three incidents in seventeen days. Same style of trick, each one bigger.[^3]
May 19: one poisoned component slipped into a software supply chain.
June 3: dozens of poisoned components across two major chains, in parallel.
June 5: the supply chains were skipped entirely. Seventy-three of Microsoft's own code projects were infected directly, the worm wired to trigger the moment a developer opened the project in an AI assistant. It was embedded in a part of the software package not scanned during upload.
Three escalations, then the attacker stopped going through the suppliers and walked into the warehouse.
ACCELERATION
What's changing about the change.
The trigger keeps getting closer to passive.
Email ran the same arc. First you had to click the attachment. Then macro viruses ran when you previewed the message. Then phishing got smart enough that clicking anything could be enough.
Each step asked less of the victim and more of the trust the victim had already extended.
Code is on the same arc. In May, somebody had to actively install the bad component. Last week, they only had to open a folder. The next step does not require much imagination.
JERK
The category shift.
For decades, the trust question had one form.
Is this person who they say they are?
If yes, then we sign here, ship it, open the attachment, or set up the standing order.
That worked when you could verify identity. Mostly you could. That is changing. Actually, it always was thinner than the badge made it look.
The new question is the one email taught us twenty-five years ago.
If I am wrong about this sender, what can the attachment actually do?
You ask this version constantly now. Your email gateway asks it for you a thousand times a day.
You just have not started asking it yet about the software your team installs. Or the AI tool your office manager subscribed to. Or the consultant who said yes to the random free trial from an unknown vendor. Or the agency whose login still works three years after you stopped using them.
Same idea now in AI tools.
The badge used to do more of the work. We are being asked to do the part the badge used to do for us.
How people are responding- Four patterns are visible.
Pattern one: Buy the menu of new tools.
Vendor management software, identity systems, monitoring dashboards. Each solves a real problem. For an enterprise with a procurement team and a security officer, this works. For an owner-operator at thirty employees, this is a menu nobody on your payroll has time to read. Tools without a person to interpret them produce confidence, not safety.
Pattern two: Change the locks after a breach.
Necessary, reactive, saves you the second time, not the first.
Pattern three: Build a formal vendor approval process.
A strong practice for organizations already doing this kind of rigor. If you do not have it, this is a future state, not today's answer.
Pattern four: Decide the trust boundary out loud. Then enforce it.
The least used option, available to leaders without a security department.
With email, the boundary got decided for you by an industry that built scanning into the pipes. With software and AI tools, that industry has not caught up.
The decision is yours to make, write down, and enforce.
Write down, in words your assistant manager could read aloud to everyone in the company, who is allowed to grant access to your systems and your data.
Then make sure someone is accountable to do this continuously. Before access is granted. Not after.
A policy without enforcement is still unhelpful. The leverage is in the policy that gets followed. Not the tools or platform.
If you are a solopreneur
The four patterns still apply. They just get smaller.
You do not need a procurement team. You need a moment of pause before you sign up for the next tool, before you click yes on the permission popup, or before you accept the free trial.
The someone who is accountable is you. The check happens before the click. Not after the trial ends.
Full disclosure
I used Zapier in my own business. Zapier was on the November 2025 list of affected platforms.[^4]
This does not mean you have to stop using Zapier immediately.
I sat down and looked at every Zap I had running, every app it was connected to, and rotated the keys that mattered.
Ultimately I decided I didn't need Zapier anymore.
The point is not which tool you stop using. The point is which questions you start asking, and how soon.
One basic thing, no security background needed
The platform where most of your business lives, Microsoft 365 or Google Workspace or whichever, has a page listing every app and service you have authorized to touch your data.
That list will be longer than you remember.
Revoke anything you do not recognize. Anything you stopped using. Anything you said yes to once, for a job you finished three years ago.
For Microsoft 365 users, the page is at account.microsoft.com under Privacy. For Google, it lives in myaccount.google.com.
About twenty minutes. No tools to buy. No expert needed.
Back to your business
The news is the worm. The jerk underneath is that the badge stopped meaning what it used to.
We watched this exact road move once before, with email. We will watch it move again with AI in SaaS tools, with AI coding tools and agents.
You probably will not notice this kind of compromise directly. You will notice it downstream.
A strange charge on a card. A password reset you did not request. A customer asking why you sent them an odd message.
At small scale, prevention is the alarm system.
The leadership skill is recognizing the road moving while you are still on it.
Your five-minute practice this week
Book thirty minutes on your calendar. Title the entry: Decide our software trust policy.
If you have a team, bring one other person. Your operations lead. Your CFO. Your second-in-command. If you are solo, the meeting is with yourself. Block the time anyway.
Work these four questions:
Who in our company is allowed to sign us up for a new tool or vendor?
What does a new tool or vendor get access to in our systems?
What is our rule when someone offers us a free trial in exchange for a login?
What does each tool have the ability to do, if we give it access?
Sit with them like an advisor whose opinion you respect is asking them. Answer in writing. Future-you will need the answers.
If you cannot answer all four by the end of the meeting, that is the result. You now know what your policy is not.
The five-minute practice is putting the meeting on the calendar this week.
Without the calendar entry, the policy is ineffective.
Sources
[^1]: A self-replicating worm called Miasma compromised 73 code projects across Microsoft, Azure, Azure-Samples, and MicrosoftDocs on June 5, 2026, using credentials stolen from a legitimate longtime contributor. Sources: Rescana and StepSecurity, June 6, 2026.
[^2]: GitHub's automated systems disabled all 73 affected projects in two waves totaling 105 seconds. Source: Rescana, June 6, 2026.
[^3]: The incidents on May 19, June 3, and June 5 are all part of the same campaign, a variant of the earlier Shai-Hulud worm, using stolen maintainer credentials to deliver code that harvests more credentials. Sources: StepSecurity, SafeDep, Cloudsmith, June 2026.
[^4]: On November 24, 2025, the Shai-Hulud "Second Coming" supply chain attack compromised multiple Zapier npm packages along with packages from PostHog, AsyncAPI, Postman, and ENS Domains. Sources: Zapier incident report (docs.zapier.com); StepSecurity and Aikido Security, November 24-25, 2025.
Check out the Jerk Report,
The JERK Report is a weekly signal read for small business owners. One signal. Four layers. A five-minute practice. Every Monday. From Rose Thun at Design Rosetta