hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far - StepSecurity

An autonomous AI-powered bot, "hackerbot-claw," systematically exploited misconfigured GitHub Actions workflows across high-profile open source projects—achieving remote code execution, exfiltrating sensitive tokens, and even fully compromising a major repository—demonstrating that automated supply chain attacks are now an active, real-world threat requiring automated defenses.