AI fights and more attacks on dev infrastructure: Last Week in AppSec for 4. March 2026
ID: 2a19d007-8ffb-530f-8934-2585552d6ea2
STIX ID: report--2a19d007-8ffb-530f-8934-2585552d6ea2
Feed Name: Checkmarx Zero
AI-driven attacks and supply-chain abuse are the central themes: an active AI bot "hackerbot-claw" exploited GitHub Actions to execute arbitrary code and exfiltrate write-scoped GITHUB_TOKENs; OpenClaw and ModelScope flaws enabled agent takeover and OS command execution; malicious npm packages (StegaBin / "Contagious Interview") used staged install-time execution to deploy credential theft and RAT payloads; and a SiteOrigin WordPress plugin LFI allowed authenticated attackers to include/execute server-side files. The report details impacts and provides actionable mitigations including default-deny CI guardrails, least-privilege token scopes, locked-down CI runners, reproducible builds, and applying patches/updates.
