Home / Security updates / Datadog's Response to hackerbot-claw
Datadog's Response to hackerbot-claw
Security updates detail rendered from /security-updates/upd_8a90bc3b15a1734e.
Overview
| ID | upd_8a90bc3b15a1734e |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | Datadog |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_8a90bc3b15a1734e |
| providerId | safebase |
| organizationId | org_69291cebe8d5d66e |
| trustCenterId | tc_3aed993e7dda3cf3 |
| title | Datadog's Response to hackerbot-claw |
| message | As an update to your 'hackerbot-claw' notification, we have drafted an engineering blog post to our public site that provides additional details on how Datadog identifies and blocks these attack patterns. Please review our latest post: [When an AI agent came knocking: Catching malicious contributions in Datadog’s open source repos](https://www.datadoghq.com/blog/engineering/stopping-hackerbot-claw-with-bewaire/) On February 27, 2026 at 06:27 UTC, we identified and blocked four malicious issues and pull requests targeting datadog-iac-scanner, a project we’ve recently made source-available, and that we use as part of our Infrastructure as Code (IaC) Security product. **What Happened?** A GitHub user identified as ‘hackerbot-claw’, used LLMs to open a number of malicious pull requests to various open source repositories, including several maintained by Datadog. **What did Datadog do?** We launched an investigation using our [internally built system](https://www.datadoghq.com/blog |
| url | - |
| publishedAt | 2026-03-03 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "vulnerabilities"
} |
| company | {
"id": "org_69291cebe8d5d66e",
"name": "Datadog",
"domains": [
"trust.datadoghq.com",
"datadoghq.com"
]
} |
| trust_center | {
"id": "tc_3aed993e7dda3cf3",
"name": "Datadog",
"url": "https://trust.datadoghq.com",
"host": "trust.datadoghq.com"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_8a90bc3b15a1734e",
"company": "/v1/companies/org_69291cebe8d5d66e",
"trust_center": "/v1/trust-centers/tc_3aed993e7dda3cf3",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_8a90bc3b15a1734eJSON