AI bot facilitates sweeping GitHub repository compromise

Cybernews reports that at least half a dozen widely used open-source projects from Microsoft, Aqua Security, DataDog, Ambient Code, Avelino, and Cloud Native Computing Foundation on GitHub have already been compromised by the new AI bot 'hackerbot-claw', which touts itself as a Claude-Opus-4.5-powered autonomous security research agent, since Feb. 20.

Misconfigured CI/CD workflow scans were also claimed to have been conducted by hackerbot-claw across nearly 47,391 GitHub repositories, an analysis from StepSecurity researchers revealed. Attacks with hackerbot-claw involved vulnerable workflow scanning, followed by the forking of targeted repositories, the opening of a seemingly innocuous pull request, arbitrary code execution, and eventual GitHub token exfiltration.

Most severely impacted by the AI bot was Aqua Security's Trivy security scanner, which not only had its older releases deleted en masse but also had a malicious artifact published in OpenVSX. "We have removed that artifact and revoked the token used to publish it. We have reviewed other Trivy assets and did not observe other impacts. We are now focused on restoring things back to normal," said Aqua Security Vice President of Open Source Itay Shakury.