Microsoft has linked the recent Mastra AI supply chain attack, which compromised over 140 npm packages, to the North Korean hacking group Sapphire Sleet (also known as BlueNoroff). This attack highlights the increasing sophistication of state-sponsored actors targeting software supply chains, particularly within the AI development ecosystem. Developers using Mastra AI packages should verify their dependencies and be aware of potential backdoors.