Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far

An autonomous, AI-powered bot systematically exploited misconfigurations in GitHub Actions workflows across major open source projects, achieving remote code execution, exfiltrating sensitive credentials, and even taking over a popular security tool’s repository—demonstrating that automated supply chain attacks are now a real and active threat to CI/CD pipelines.