At Datadog, our commitment to open source means operating transparently and accepting that our repositories will be probed by adversaries. A few months ago, we shared our approach to detecting malicious open source contributions in the nearly 10,000 internal and external pull requests (PRs) that we receive every week. Malicious actors are adopting LLMs to guide and scale their operations, and we as defenders must also use them to keep pace.

In this post, we’ll show how we discovered malicious issues and PRs in two of our public repositories as the result of attacks by hackerbot-claw, an AI agent designed to target GitHub Actions and LLM-powered workflows. The agent attempted to make malicious contributions to various community projects in late February and early March 2026. This campaign validated the defensive controls that we had already put in place and led us to harden our systems even further.

Open source repositories: A juicy target for attackers

As software builds and releases increasingly happen in automated CI pipelines, attackers have found that malicious contributions can be an effective way to inject code into popular projects or exfiltrate the secrets their pipelines hold.

In the past few years, attackers have used a variety of techniques to make their way into CI pipelines, with GitHub Actions workflows a favorite target. Common attack vectors include: