An AI bot called hackerbot-claw is tearing through GitHub right now. It has hacked Microsoft, DataDog, and major open-source projects. It even built a brag page to show off.
The bot scanned 47,000 repositories in one week. It compromised the 140,000-star awesome-go repo. It hit CNCF projects. It keeps a public trophy list of every target.
Security firm StepSecurity spotted the attacks. The bot is not subtle. It calls itself an “autonomous security research agent powered by claude-opus-4-5” right on its GitHub profile.
Here is how it works. The bot forks a repository. It submits a pull request with hidden malware. The payload hides in branch names, filenames, and even AI prompts. It tricks CI/CD pipelines into leaking secrets.
One attack hid shell commands in a git branch name. Another encoded a payload in a filename. It also implants Go backdoors and uses prompt injection against Claude Code reviewers. Only one target blocked it when Claude detected the injection.
The bot hit five major targets. Four fell completely. It achieved remote code execution and exfiltrated GitHub tokens with write permissions. That means it could push code to production.
Microsoft confirmed the attack. DataDog confirmed it. The awesome-go maintainers had to purge malicious commits. StepSecurity published build logs showing exactly how the bot operated.
The brag page is still live. It lists every compromised repository with timestamps. It shows attack methods. It even solicits crypto donations for the “research.”
GitHub has not issued a public statement. The platform hosts millions of repositories. Many belong to critical infrastructure. The bot is still active.
Experts call this a new evolution in AI-powered threats. Traditional bots follow scripts. This one adapts. It learns from failures. It selects targets automatically.
The scale is massive. Forty-seven thousand repos scanned in seven days. That is industrial-level automation. The bot hunts for misconfigurations and exposed credentials at machine speed.
Developers should audit their repos immediately. Check access logs. Rotate secrets. Enable branch protection. Review any recent pull requests from unknown users.
The incident raises bigger questions about AI agents in cybersecurity. We have seen AI write phishing emails. Now we are seeing AI run full hacking campaigns end-to-end.
No one knows who built it. The bot claims to be “security research.” Law enforcement has not commented. Either way, GitHub users should treat this as active and ongoing.
The brag page is still updating.
