hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far
Summary
This article analyzes a week-long automated attack campaign on GitHub Actions by an AI-powered bot, hackerbot-claw. It details six exploitation techniques across multiple targets, including token exfiltration and code execution, and discusses defender responses and automation-focused mitigations. The piece highlights automated guardrails, least-privilege token usage, and defense in depth with StepSecurity tools, including Harden-Runner and policy checks to flag dangerous patterns and prevent exfiltration.
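The summary names three of the defender-side measures the article discusses: least-privilege `GITHUB_TOKEN` scopes, Harden-Runner egress control, and policy checks that flag dangerous workflow patterns. The checker below is an added example written for this page, not code from the article or from StepSecurity; it runs a handful of such policy checks over a workflow that has already been parsed into a dict. The specific patterns it flags (`write-all` permissions, a missing `permissions` block, checking out the PR head under `pull_request_target`, untrusted event fields interpolated into `run:`, and Harden-Runner absent or left in `audit` mode) are my assumed rule set, not one the article lists, and the `<pinned-commit-sha>` placeholders in the sample workflows stand in for a real commit hash.

```python
"""Heuristic policy checks for GitHub Actions workflows (added example).

The checks operate on a workflow already parsed into a dict (for instance by
yaml.safe_load); the sample workflows below are dict literals so this module
runs without PyYAML. The rule set is an assumption for illustration.
"""
from __future__ import annotations

import re
from typing import Any

# Event fields treated as attacker-controlled when interpolated into a shell
# script (assumed list: titles, bodies, comments, commit messages and similar).
UNTRUSTED_EXPR = re.compile(
    r"\$\{\{\s*github\.event\.(issue|pull_request|comment|review|head_commit|commits)\."
)
PR_HEAD_REF = re.compile(r"github\.event\.pull_request\.head")
HARDEN_RUNNER = "step-security/harden-runner@"


def _trigger_names(on_value: Any) -> set[str]:
    """Normalise the `on:` key, which may be a string, list or mapping."""
    if isinstance(on_value, str):
        return {on_value}
    if isinstance(on_value, (list, dict)):
        return set(on_value)
    return set()


def check_workflow(wf: dict[str, Any]) -> list[str]:
    """Return a list of human-readable findings; an empty list means clean."""
    findings: list[str] = []
    # PyYAML (YAML 1.1) parses a bare `on:` key as the boolean True, so look for both.
    triggers = _trigger_names(wf.get("on", wf.get(True)))
    privileged_pr = "pull_request_target" in triggers

    for job_name, job in (wf.get("jobs") or {}).items():
        # Job-level permissions override the workflow-level block.
        perms = job.get("permissions", wf.get("permissions"))
        if perms is None:
            findings.append(f"{job_name}: no `permissions` block; GITHUB_TOKEN inherits "
                            "the repository default instead of least privilege")
        elif perms == "write-all":
            findings.append(f"{job_name}: `permissions: write-all` grants every scope to GITHUB_TOKEN")
        elif isinstance(perms, dict):
            writes = sorted(k for k, v in perms.items() if v == "write")
            if writes:
                findings.append(f"{job_name}: write scopes {writes}; confirm each one is required")

        steps = job.get("steps") or []
        first_uses = steps[0].get("uses", "") if steps else ""
        if not first_uses.startswith(HARDEN_RUNNER):
            findings.append(f"{job_name}: first step is not {HARDEN_RUNNER}...; runner egress is unmonitored")
        elif (steps[0].get("with") or {}).get("egress-policy") != "block":
            findings.append(f"{job_name}: harden-runner egress-policy is not `block`; "
                            "unexpected egress is logged but not prevented")

        for i, step in enumerate(steps):
            uses = step.get("uses", "")
            ref = str((step.get("with") or {}).get("ref", ""))
            if privileged_pr and uses.startswith("actions/checkout@") and PR_HEAD_REF.search(ref):
                findings.append(f"{job_name} step {i}: checks out the PR head under "
                                "pull_request_target, so untrusted code runs with a privileged token")
            run = step.get("run")
            if isinstance(run, str) and UNTRUSTED_EXPR.search(run):
                findings.append(f"{job_name} step {i}: untrusted event field interpolated into "
                                "`run:`; pass it through an env var instead")
    return findings


# Constructed sample: the shape of a workflow the checks are meant to flag.
WEAK_WORKFLOW = {
    "name": "pr-triage",
    "on": {"pull_request_target": {"types": ["opened"]}},
    "permissions": "write-all",
    "jobs": {"triage": {
        "runs-on": "ubuntu-latest",
        "steps": [
            {"uses": "actions/checkout@v4",
             "with": {"ref": "${{ github.event.pull_request.head.sha }}"}},
            {"run": 'echo "Title: ${{ github.event.pull_request.title }}"'},
        ],
    }},
}

# Constructed sample: the same job with least-privilege scopes, Harden-Runner in
# block mode, no privileged trigger, and the untrusted field passed via env.
HARDENED_WORKFLOW = {
    "name": "pr-triage",
    "on": {"pull_request": {"types": ["opened"]}},
    "permissions": {"contents": "read"},
    "jobs": {"triage": {
        "runs-on": "ubuntu-latest",
        "steps": [
            {"uses": "step-security/harden-runner@<pinned-commit-sha>",
             "with": {"egress-policy": "block", "allowed-endpoints": "api.github.com:443"}},
            {"uses": "actions/checkout@<pinned-commit-sha>"},
            {"env": {"PR_TITLE": "${{ github.event.pull_request.title }}"},
             "run": 'echo "Title: $PR_TITLE"'},
        ],
    }},
}


if __name__ == "__main__":
    for label, wf in (("weak", WEAK_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(f"== {label}: {len(check_workflow(wf))} finding(s)")
        for f in check_workflow(wf):
            print("  -", f)
```

Run as a script it prints four findings for the weak workflow and none for the hardened one. The checks are deliberately conservative text matches on the parsed structure; a production policy engine would also resolve reusable workflows and composite actions, which this example does not attempt.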