AI-Powered prt-scan Campaign Exploits GitHub Supply Chain via pull_request_target

Attack Overview

Wiz security researchers have uncovered prt-scan, a sophisticated supply chain attack campaign that leveraged AI automation to exploit GitHub's pull_request_target workflow feature. The campaign represents the latest evolution in automated attacks targeting software development infrastructure.

The researchers traced the attack activity across six different GitHub accounts, with operations beginning three weeks before the campaign was first detected. This extended dwell time demonstrates the attackers' ability to maintain persistence while avoiding detection in CI/CD environments.

Technical Details

The prt-scan campaign specifically targeted GitHub repositories utilizing the pull_request_target workflow trigger, a feature that allows workflows to run with elevated privileges when processing pull requests from forks. This mechanism, designed to enable certain automation scenarios, creates a potential attack vector when improperly configured.

According to Wiz's analysis, the attackers employed AI-powered automation to:

• Identify vulnerable repositories using pull_request_target
• Generate convincing pull requests that would trigger workflow execution
• Maintain operational security across multiple personas
• Adapt tactics based on target repository characteristics

Campaign Attribution and Timeline

The research team identified coordinated activity across six distinct GitHub accounts, suggesting a single threat actor operating multiple personas. The campaign timeline reveals:

• Initial Activity: Operations began approximately three weeks before public disclosure
• Detection Gap: The extended period of undetected activity highlights challenges in monitoring CI/CD security
• Scale: Multiple repositories were targeted across the GitHub ecosystem

Supply Chain Implications

This campaign follows the earlier hackerbot-claw attacks, indicating that AI-powered supply chain threats are becoming an established attack pattern rather than isolated incidents. The use of automation allows threat actors to scale their operations significantly while maintaining consistent operational security.

The targeting of pull_request_target workflows specifically demonstrates attackers' deep understanding of GitHub Actions security models and their willingness to exploit complex CI/CD features for malicious purposes.

Defensive Recommendations

Organizations using GitHub Actions should review their workflow configurations, particularly those utilizing pull_request_target triggers. Key security measures include:

• Workflow Auditing: Regular review of all workflows using pull_request_target
• Permission Scoping: Implementing least-privilege principles for workflow permissions
• Monitoring: Enhanced logging and alerting for unusual CI/CD activity
• Code Review: Mandatory review processes for workflow modifications

Sources

• Six Accounts, One Actor: Inside the prt-scan Supply Chain Campaign