AI bot compromises five major GitHub repositories | Cybernews

An AI bot, “hackerbot-claw,” has been hacking GitHub repositories for over a week, compromising at least six major projects, including those from Microsoft and DataDog. The bot, claiming to be an “autonomous security research agent,” scans for misconfigured CI/CD workflows and exploits them, often hiding malicious code in unexpected places. Despite its claims of harmless intentions, the bot’s actions have resulted in remote code execution and the theft of sensitive credentials.

Edward Kiledjian @ekiledjian