9d • General discussion
🚨 AI vs. AI: The Future of Cyber Attacks Is Here
An autonomous AI bot called "hackerbot-claw" — claiming to be powered by Claude Opus 4.5 — just went on a week-long hacking spree targeting major GitHub repositories, including projects from Microsoft, DataDog, Aqua Security, and the Cloud Native Computing Foundation.
In just 7 days, it: 🔍 Scanned 47,000+ repositories for misconfigured CI/CD workflows 💥 Achieved remote code execution in at least 4 targets 🔑 Stole GitHub tokens with write permissions ☠️ Fully compromised Trivy — one of the most popular open-source security scanners (32K+ stars, 100M+ annual downloads) — deleting releases and pushing a malicious VS Code extension
The bot used 5 different exploitation techniques, adapting its approach to each target's specific setup — not a simple script, but a contextually aware agent.
The one repo that survived? One using Claude as a code reviewer — which detected the prompt injection attempt and refused to comply. 🛡️
We're entering an era where AI agents attack other AI agents. The attack surface for software supply chains just got a lot wider.
Source: Cybernews
#CyberSecurity #AI #GitHub #SupplyChainSecurity #OpenSource #DevSecOps
3
2 comments
🚨 AI vs. AI: The Future of Cyber Attacks Is Here
