A new AI-assisted cyberattack campaign targeting GitHub repositories has raised fresh concerns about the growing role of automation in large-scale supply chain threats. The campaign, tracked as “prt-scan,” demonstrates how attackers are increasingly leveraging AI to scan, identify, and exploit misconfigured systems at scale.

The activity was first identified by researchers at Aikido Security and later analyzed in detail by Wiz. According to findings, the attack began in mid-March and unfolded in multiple waves, with threat actors using several GitHub accounts to launch hundreds of malicious pull requests.

The campaign specifically targeted repositories whose GitHub Actions workflows use the pull_request_target trigger, a known misconfiguration risk. This trigger allows workflows to run with full repository permissions, even when the pull request comes from an external contributor. Attackers exploited this by submitting seemingly legitimate pull requests containing hidden malicious code designed to extract sensitive data such as API keys, tokens, and environment variables.

Unlike earlier targeted attacks, the prt-scan campaign adopted a broad approach, attempting to exploit over 450 repositories. While fewer than 10% of these attempts were successful, the attacker still managed to compromise multiple projects, including at least two NPM packages.

Security researchers noted that the campaign used AI-assisted automation to significantly increase speed and scale. Within just 26 hours, the attacker launched nearly 475 pull request attempts, highlighting how even low-sophistication threat actors can now execute widespread attacks with minimal effort.

Interestingly, despite its scale, the attack chain showed signs of poor execution. Researchers observed inconsistencies in the attacker’s techniques, suggesting a limited understanding of GitHub’s permission model. However, the use of automation compensated for these flaws, allowing the attacker to achieve partial success.

This campaign follows a similar AI-driven attack known as “hackerbot-claw,” indicating a rising trend of AI-augmented supply chain threats. Experts warn that such techniques lower the barrier to entry for cybercriminals and significantly increase the frequency of attacks.

Organizations are strongly advised to review their GitHub configurations, restrict risky workflow triggers, and implement stricter security controls to mitigate potential exposure. As AI continues to evolve, so too does the threat landscape—making proactive defense more critical than ever.
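As a starting point for that review, the following audit sketch flags workflow files that combine pull_request_target with a checkout of the pull request's own code. It is an added example, not code from Aikido Security, Wiz, or this article; the two sample workflows are constructed, and the line-based checks are heuristics assumed for illustration rather than a full YAML analysis.

```python
import re
# Constructed sample: privileged trigger that checks out and runs PR-supplied code.
RISKY = """\
on:
  pull_request_target:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci && npm test
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
"""

# Constructed sample: same job on the unprivileged trigger with a read-only token.
HARDENED = """\
on:
  pull_request:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
"""

PR_HEAD = re.compile(r"github\.(event\.pull_request\.head\.(sha|ref)|head_ref)|refs/pull/")

def audit_workflow(text):
    """Heuristic, line-based findings for one workflow file (no YAML parser)."""
    lines = [l.split(" #")[0] for l in text.splitlines() if not l.lstrip().startswith("#")]
    body = "\n".join(lines)
    if not re.search(r"\bpull_request_target\b", body):
        return []
    findings = ["pull_request_target: runs in base-repo context with access to secrets"]
    if any(re.match(r"\s*ref\s*:", l) and PR_HEAD.search(l) for l in lines):
        findings.append("checks out the pull request head, so untrusted code runs privileged")
    if not re.search(r"^permissions\s*:", body, re.M):
        findings.append("no top-level permissions block restricting GITHUB_TOKEN")
    if re.search(r"\$\{\{\s*secrets\.(?!GITHUB_TOKEN\b)", body):
        findings.append("references repository secrets")
    return findings
if __name__ == "__main__":
    print({"risky": audit_workflow(RISKY), "hardened": audit_workflow(HARDENED)})
```

To audit a real repository, pass the contents of each file under .github/workflows/ to audit_workflow and review every file that returns findings.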
