
Unprecedented GitHub hacking spree: “security research” AI bot compromises major repos from Microsoft, Datadog, and others

The AI bot, still active on GitHub, is hacking one repo after another, curating its own brag page, and claiming to have scanned over 47,000 repositories. In just one week, it targeted at least six popular open-source projects, including those from Microsoft and DataDog. Trivy, a popular vulnerability scanner repo, was fully compromised.

Ernestas Naprys, Senior Journalist
Mar 2, 2026. Updated: 3 March 2026

Major repositories compromised

  • Awesome-go, a project by Avelino and one of GitHub’s most popular repositories with 140,000+ followers: was compromised with a technique that poisoned a setup function (Poisoned Go init()). Malicious code was hidden in a routine quality check script that runs automatically on every code submission, leading to remote code execution and access token theft. The attacker needed six attempts and 18 hours, refining the failed attempts along the way.
  • Project-akri, a project by akri: was compromised through a direct script injection, resulting in confirmed remote code execution.
  • Ai-discovery-agent, a project by Microsoft: the attacker likely achieved remote code execution by injecting malicious code into a branch name.
  • Datadog-iac-scanner, a project by DataDog: was likely compromised through malicious instructions hidden in a file name. The team deployed emergency patches within 9 hours of the attack.
  • Platform, a project by Ambient-code: the attacker attempted an AI prompt injection, but Claude detected and blocked the attack by refusing the injection, and the workflow was subsequently disabled.
  • Trivy, a project by Aqua Security: was fully compromised.
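
An added example, not taken from the article or from any of the affected projects: a defender-side check for the class of flaw behind the branch-name item above, assuming it relied on a CI workflow expanding attacker-controlled text directly inside a `run:` script (the article does not give the workflow details). The function name and the sample workflows are constructed; the context names are standard GitHub Actions expressions.

```python
import re

# Context values an outside contributor controls (branch name, PR/issue text).
UNTRUSTED = re.compile(
    r"\$\{\{\s*(github\.head_ref"
    r"|github\.event\.pull_request\.(?:title|body|head\.ref|head\.label)"
    r"|github\.event\.(?:issue|comment|review)\.(?:title|body))\s*\}\}"
)

def find_injectable_runs(workflow_text):
    """Return (line_no, expression) for untrusted expressions inside run: scripts."""
    findings = []
    run_indent = None  # column of the active `run:` key, None when outside one
    for no, line in enumerate(workflow_text.splitlines(), 1):
        indent = len(line) - len(line.lstrip())
        if run_indent is not None and line.strip() and indent <= run_indent:
            run_indent = None  # dedent: the run script has ended
        if re.match(r"\s*(?:-\s+)?run:", line):
            run_indent = line.index("run:")
        if run_indent is not None:
            findings.extend((no, m.group(1)) for m in UNTRUSTED.finditer(line))
    return findings

# Constructed sample: the branch name is pasted into the shell script text
# before the shell runs, so shell syntax in the name is executed.
VULNERABLE = """\
on: pull_request
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo "Checking ${{ github.head_ref }}"
"""

# Constructed sample: the value reaches the script only as an environment
# variable, so the shell treats it as data.
HARDENED = """\
on: pull_request
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - env:
          BRANCH: ${{ github.head_ref }}
        run: |
          echo "Checking $BRANCH"
"""

if __name__ == "__main__":
    print(find_injectable_runs(VULNERABLE), find_injectable_runs(HARDENED))
```
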

Trivy taken down


How does the bot operate?
