By stepsecurity.io
Publication Date: 2026-03-01 00:00:00
This is an active, ongoing attack campaign. We are continuing to monitor hackerbot-claw’s activity and will update this post as new information becomes available.
Community Webinar
We’re breaking down all 5 exploitation techniques live, showing the actual workflow files, build logs, and how each exploit achieved code execution. We’ll also demo how to scan your own repos for the same vulnerable patterns.
March 2 at 11:00 AM PT · Varun Sharma, Ashish Kurmi, StepSecurity
A week-long automated attack campaign targeted CI/CD pipelines across major open source repositories, achieving remote code execution in at least 4 out of 6 targets. The attacker, an autonomous bot called hackerbot-claw, used 5 different exploitation techniques and successfully exfiltrated a GitHub token with write permissions from one of the most popular repositories on GitHub.
We’re entering an era where AI agents attack other AI agents. In this campaign, an AI-powered bot tried to manipulate…