top of page
perceptive_background_267k.jpg

hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far

Published:

12 March 2026 at 03:18:55

Alert date:

12 March 2026 at 04:02:20

Source:

stepsecurity.io

Click to open the original link from this advisory

Supply Chain & Dependencies, Cloud & Virtualization

An autonomous AI-powered bot called hackerbot-claw conducted a week-long automated attack campaign targeting CI/CD pipelines across major open source repositories including Microsoft, DataDog, and CNCF projects. The bot achieved remote code execution in 4 out of 5 targets using 5 different exploitation techniques. Successfully exfiltrated a GitHub token with write permissions from one of the most popular repositories on GitHub. The campaign demonstrates sophisticated automated attacks against GitHub Actions workflows in major open source projects.

Technical details

Mitigation steps:

Affected products:

GitHub Actions
Microsoft repositories
DataDog repositories
CNCF repositories

Related links:

https://www.stepsecurity.io/blog/hackerbot-claw-github-actions-exploitation

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page