Supply Chain
Primary Source: TechCrunch
Incident Details
Mintlify, an AI-powered code documentation platform used by software developers, suffered a breach on March 1, 2024. A vulnerability in Mintlify's systems allowed unauthorized access to admin tokens, which in turn exposed 91 GitHub OAuth tokens belonging to customer organizations; the attackers confirmed access to at least one customer repository. Because Mintlify requires read/write access to GitHub repositories to generate documentation, the supply chain risk was significant: with those tokens, downstream customer source code repositories could have been read or modified. Mintlify revoked all tokens immediately, patched the vulnerability, and stopped storing GitHub OAuth tokens in its database. Revocation was the containment step that mattered: a copied OAuth token stays usable until the issuer invalidates it, so patching the leak alone would have left every exposed token live. The incident underscores the risk of third-party developer tools that hold broad, long-lived repository credentials on behalf of many customers.
Technical Details
- Initial Attack Vector: a vulnerability in Mintlify's systems that allowed unauthorized access to admin tokens
- Underlying Weakness: CWE-312, Cleartext Storage of Sensitive Information (GitHub OAuth tokens stored in a database)
- Vendor / Product: Mintlify documentation platform
- Supply Chain Attack: Confirmed third-party / vendor compromise
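The weakness behind this incident (CWE-312) and the remediation of not keeping usable tokens in the database can be seen side by side in the following Go example. It is an added illustration, not Mintlify's code and not based on their systems: a PlaintextStore that mirrors the vulnerable pattern, and an EncryptedStore that seals each token with AES-256-GCM under a key held outside the database and bound to the customer org ID. The type and function names, the org IDs and the gho_ token string are all constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Vulnerable pattern (CWE-312): the GitHub OAuth token sits in the table as-is.
// Anyone who can read the row (leaked DB credentials, SQL injection, a stolen
// admin token that returns it) holds a working credential for the customer's repos.
type PlaintextStore struct {
	rows map[string]string // org ID -> token, in the clear
}

func NewPlaintextStore() *PlaintextStore { return &PlaintextStore{rows: map[string]string{}} }

func (s *PlaintextStore) Put(orgID, token string) { s.rows[orgID] = token }

// Dump returns the rows exactly as a database read would see them.
func (s *PlaintextStore) Dump() []string {
	var out []string
	for org, tok := range s.rows {
		out = append(out, org+":"+tok)
	}
	return out
}

// Hardened pattern: tokens are sealed with AES-256-GCM under a key encryption
// key (KEK) that is never written to the database (KMS/HSM in production, an
// environment secret at minimum). The org ID is bound as additional
// authenticated data, so a sealed record copied into another org's row refuses to open.
type Record struct {
	Nonce, Ciphertext []byte
}

type EncryptedStore struct {
	aead cipher.AEAD
	rows map[string]Record // org ID -> sealed token
}

func NewEncryptedStore(kek []byte) (*EncryptedStore, error) {
	block, err := aes.NewCipher(kek) // a 32-byte KEK selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &EncryptedStore{aead: aead, rows: map[string]Record{}}, nil
}

func (s *EncryptedStore) Put(orgID, token string) error {
	nonce := make([]byte, s.aead.NonceSize()) // fresh random nonce per record
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	s.rows[orgID] = Record{Nonce: nonce, Ciphertext: s.aead.Seal(nil, nonce, []byte(token), []byte(orgID))}
	return nil
}

// Get unseals one org's token. Only the code path that actually calls GitHub
// should reach this; every other part of the application sees ciphertext only.
func (s *EncryptedStore) Get(orgID string) (string, error) {
	rec, ok := s.rows[orgID]
	if !ok {
		return "", errors.New("no token stored for " + orgID)
	}
	pt, err := s.aead.Open(nil, rec.Nonce, rec.Ciphertext, []byte(orgID))
	if err != nil {
		return "", fmt.Errorf("sealed token for %s failed to open: %w", orgID, err)
	}
	return string(pt), nil
}

// Dump returns the rows as a database read would see them: nonce and ciphertext only.
func (s *EncryptedStore) Dump() []string {
	var out []string
	for org, rec := range s.rows {
		out = append(out, org+":"+base64.StdEncoding.EncodeToString(rec.Nonce)+":"+
			base64.StdEncoding.EncodeToString(rec.Ciphertext))
	}
	return out
}

// DumpExposes reports whether the raw token appears anywhere in a dump.
func DumpExposes(dump []string, token string) bool {
	for _, line := range dump {
		if strings.Contains(line, token) {
			return true
		}
	}
	return false
}

func main() {
	const token = "gho_constructedSampleTokenNotReal" // constructed sample, not a real token
	p := NewPlaintextStore()
	p.Put("acme", token)
	kek := make([]byte, 32) // stand-in for a KMS-held key; never hard-code one in practice
	if _, err := rand.Read(kek); err != nil {
		panic(err)
	}
	e, _ := NewEncryptedStore(kek)
	_ = e.Put("acme", token)
	e.rows["evil"] = e.rows["acme"] // attacker copies the sealed row under another org
	_, swapErr := e.Get("evil")
	fmt.Println("plaintext dump exposes token:", DumpExposes(p.Dump(), token))
	fmt.Println("encrypted dump exposes token:", DumpExposes(e.Dump(), token))
	fmt.Println("copied row opens under another org:", swapErr == nil)
}
```

The caveat that goes with this: sealing at rest only defeats a raw read of the table. An attacker who reaches the application's own decrypt path, which is what a stolen admin token tends to give, still gets plaintext tokens out of Get. That is why not holding long-lived tokens at all, as Mintlify chose to do, and revoking every exposed token at the issuer rather than merely deleting the rows, are the stronger responses.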
Timeline
- 2024-03-01 Breach occurred
- 2024-03-18 Publicly disclosed
- 2024-03-18 Customers notified