TechTarget and Informa Tech’s Digital Business Combine. TechTarget and Informa TechTarget and Informa Tech’s Digital Business Combine. Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities. Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise Newsletter Sign-Up Newsletter Sign-Up Cybersecurity Topics Related Topics Application Security Cybersecurity Careers Cloud Security Cyber Risk Cyberattacks & Data Breaches Cybersecurity Analytics Cybersecurity Operations Data Privacy Endpoint Security ICS/OT Security Identity & Access Mgmt Security Insider Threats IoT Mobile Security Perimeter Physical Security Remote Workforce Threat Intelligence Vulnerabilities & Threats Recent in Cybersecurity Topics Application Security AI-Assisted Supply Chain Attack Targets GitHub AI-Assisted Supply Chain Attack Targets GitHub by Jai Vijayan Apr 6, 2026 3 Min Read Vulnerabilities & Threats Fortinet Issues Emergency Patch for FortiClient Zero-Day Fortinet Issues Emergency Patch for FortiClient Zero-Day by Rob Wright Apr 6, 2026 3 Min Read World Related Topics DR Global Middle East & Africa Asia Pacific Latin America Recent in World See All Application Security Real-Time Banking Trojan Strikes Brazil's Pix Users Real-Time Banking Trojan Strikes Brazil's Pix Users by Alexander Culafi Mar 13, 2026 4 Min Read Threat Intelligence Iran's Cyber-Kinetic War Doctrine Takes Shape Iran's Cyber-Kinetic War Doctrine Takes Shape by Alexander Culafi Mar 6, 2026 4 Min Read The Edge DR Technology Events Related Topics Upcoming Events Podcasts Webinars SEE ALL Resources Related Topics Resource Library Newsletters Podcasts Reports Videos Webinars White Papers Partner Perspectives Dark Reading Resource Library Application Security Threat Intelligence Vulnerabilities & Threats Сloud Security News AI-Assisted Supply Chain Attack Targets GitHub PRT-scan is the second in recent months where a threat actor appears to have leveraged AI for automated targeting of a widespread GitHub misconfiguration. Jai Vijayan , Contributing Writer April 6, 2026 3 Min Read Source: PJ McDonnell via Shutterstock A threat actor appears to have used AI-assisted automation to make hundreds of exploit attempts against open source software repositories on GitHub. Fewer than 10% of the more than 450 exploitation attempts that cloud security vendor Wiz analyzed were successful, though the attacker did manage to compromise at least two NPM packages . The activity was first spotted on April 2 by Aikido Security research Charlie Eriksen. However, a subsequent investigation by Wiz found the campaign began about three weeks earlier on March 11 and unfolded in six waves using six different GitHub accounts that researchers linked to a single threat actor. Second AI-Augmented Supply Chain Campaign The campaign, which Wiz tracks as "prt-scan," is the second in recent weeks in which a threat actor appears to have used AI-assisted automation to target repositories configured with the pull_request_target workflow trigger on GitHub. It follows the late-February “hackerbot-claw” campaign, which used malicious pull requests exploiting the same feature to steal GitHub tokens, secrets, environment variables, and cloud credentials. Related: OWASP GenAI Security Project Gets Update, New Tools Matrix The hackerbot-claw campaign was shorter, more targeted and hit high-profile repos. In contrast, prt-scan, according to Wiz, appears to have been much broader, with the threat actor opening significantly more than 500 pull requests targeting both small and large projects on GitHub, but with less success. "In most cases, successful attacks were against small hobbyist projects, and only exposed ephemeral GitHub credentials for the workflow," Wiz researchers wrote in a report published Saturday. "For the most part, this campaign did not grant the attacker access to production infrastructure, cloud credentials, or persistent API keys, barring minor exceptions. "However, the broader takeaway — and warning — for organizations is how AI-augmented automation has made it easier for attackers to launch large scale supply chain attacks , the security vendor warned. Low-sophistication attackers can launch new campaigns across hundreds of targets in a fraction of the time and with a fraction of the effort it required previously, Wiz said. Developers use pull requests to propose changes to a project on GitHub so that the project maintainers can review, discuss, and merge them into the main code. The pull_request_target trigger in GitHub Actions automatically runs workflows in the main repository whenever a pull request is submitted, even from an untrusted fork. Because the action runs with full repository permissions and can access its secrets, an attacker could use a malicious pull request to steal API keys or credentials. The trigger is a well understood and well documented misconfiguration when used on untrusted pull requests without any restrictions, Wiz noted. Related: Claude Source Code Leak Highlights Big Supply Chain Missteps A Flawed Attack Chain The attacker's playbook in the prt-scan campaign is to first scan for repositories using the pull_request_target trigger in GitHub Actions . They then fork those repositories, create a branch, hide malicious code inside what appears to be a routine update, and then trick the project into running it automatically. The threat actors that access to steal sensitive data or spread malware, Wiz said. The security vendor's analysis showed prt-scan activity beginning on March 11 when the threat actor opened 10 malicious pull requests as part of appeared to be a testing phase that continued through March 16. Then, after a nearly two-week break, the attacker resumed opening malicious pull requests at a velocity that suggested use of AI-enabled automation, Wiz said. Starting April 2, over a 26-hour period the attacker opened some 475 pull requests containing a sophisticated payload for stealing credentials. Interestingly though, despite the payload's ambitious design, the actual attack implementation was sloppy and suggested that the attacker did not fuly understand GitHb's permissions model, Wiz said. "The attacker attempted a sophisticated multi-phase payload but filled it with techniques that feel illogical to an expert and would rarely work in practice," the security vendor said. Related: Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain Despite the flawed approach, Wiz said the 10% success rate still led to dozens of compromises. The researchers included indicators of compromise (IoCs) for the prt-scan campaign and urged organizations to harden their GitHub environments to prevent such attacks. About the Author Jai Vijayan Contributing Writer Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill. See more from Jai Vijayan Want more Dark Reading stories in your Google search results? Add Us Now More Insights Industry Reports AI SOC for MDR: The Structural Evolution of Managed Detection and Response How Enterprises Are Developing Secure Applications Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report Gartner IGA Voice of the Customer 2026 Access More Research Webinars Identity Maturity Under Pressure: 2026 Findings and How to Catch Up Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN More Webinars Editor's Choice Cybersecurity Operations RSAC 2026: AI Dominates, But Community Remains Key to Security RSAC 2026: AI Dominates, But Community Remains Key to Security by Kristina Beek , Rob Wright Apr 2, 2026 Want more Dark Reading stories in your Google search results? 2026 Security Trends & Outlooks Threat Intelligence Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats Jan 2, 2026 Cyber Risk Navigating Privacy and Cybersecurity Laws in 2026 Will Prove Difficult Jan 12, 2026 | 7 Min Read Endpoint Security CISOs Face a Tighter Insurance Market in 2026 Jan 5, 2026 | 7 Min Read Threat Intelligence 2026: The Year Agentic AI Becomes the Attack-Surface Poster Child Jan 30, 2026 | 8 Min Read Download the Collection Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. Subscribe Webinars Identity Maturity Under Pressure: 2026 Findings and How to Catch Up Wed, May 6,2026 at 1pm EST Building a Robust SOC in a Post-AI World Thurs, March 19, 2026 at 1pm EST Retail Security: Protecting Customer Data and Payment Systems Thurs, April 2, 2026 at 1pm EST Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Wed, April 1, 2026 at 1pm EST Securing Remote and Hybrid Work Forecast: Beyond the VPN Tues, March 10, 2026 at 1pm EST More Webinars White Papers How Sunrun Transformed Security Operations with AiStrike Autonomous Pentesting at Machine Speed, Without False Positives Fixing Organizations' Identity Security Posture Best practices for incident response planning Industry Report: AI, SOC, and Modernizin