When an AI agent came knocking: Catching malicious contributions in Datadog’s open source repos
Summary
Datadog details a real-world incident where an AI-driven attacker attempted malicious contributions in open-source repos via GitHub Actions. It describes detection with BewAIre, attack vectors, mitigations, and best practices to harden CI pipelines and protect secrets, offering actionable guidance for teams using AI-driven automation.