Documents
- Do you perform threat modeling?
- Do you maintain an approved Password Policy?
- Does the audit function have independence from the lines of business?
- Do you maintain an approved Internal Audit Policy?
- Do you maintain an approved Risk Management Policy?
Risk Profile
We have secure, reliable hosting that customers can depend on. We are happy to provide details about our risk mitigation practices and recovery objectives upon request.
Datadog's Response to hackerbot-claw
On February 27, 2026 at 06:27 UTC, we identified and blocked four malicious issues and pull requests targeting datadog-iac-scanner, a project we’ve recently made source-available, and that we use as part of our Infrastructure as Code (IaC) Security product.
What Happened?
A GitHub user identified as ‘hackerbot-claw’ used LLMs to open a number of malicious pull requests to various open source repositories, including several maintained by Datadog.
What did Datadog do?
We launched an investigation using our internally built system against these 4 pull requests and issues and were able to block them from merging into our repos.
We are drafting an engineering blog post, to be published on our public site in the coming days, with additional details on how Datadog identifies and blocks these attack patterns. We will update this notification with a link to the post once it is available. If you have any questions or concerns, please reach out via Support channels.
Thanks,
Datadog Security
Datadog’s Response to OpenSSL Vulnerabilities
In response to OpenSSL’s official advisory published on January 27, 2026 regarding twelve (12) vulnerabilities, Datadog triggered its incident response process to assess exposure, validate detections, and coordinate remediation. We identified affected OpenSSL versions in a limited set of components, including the Datadog Agent, and will deploy fixes promptly in accordance with our standard vulnerability remediation SLAs, following required validation and staged rollout procedures.
Customers should review OpenSSL’s official advisory and apply applicable patches in their own environments. At this time, we have no reports of widespread exploitation and will continue to monitor and provide updates if we identify material changes.
Datadog's Response to React Server Components RCE Vulnerability (CVE-2025-55182)
In response to the recently disclosed React Server Components vulnerability, CVE-2025-55182, Datadog security conducted an investigation and confirmed that we are not impacted. However, we suggest customers refer to our Research Feed and Security Labs blog post for guidance to assess potential exposure and take the suggested mitigations to secure their applications.
Datadog's Response to Shai-Hulud Worm Campaign
Since the Shai-Hulud worm campaign affecting NPM packages began in September 2025, we have been assessing our own environment for impact and have confirmed that Datadog has not been impacted by either the initial iteration or the most recent Shai-Hulud 2.0 worm campaign. We have implemented detections for the worm and are continuously monitoring for infected packages and reviewing potential usage at Datadog. Independent of this campaign, Datadog also proactively monitors for exposure of customer Datadog credentials, such as API and Application keys, and notifies impacted customers.
2025 Penetration Test
We’re pleased to announce that summaries of the 2025 penetration tests for Datadog, Cloudcraft, and CoScreen (performed by NCC Group), as well as Metaplane (performed by Cobalt Group), are available on our security portal. These summaries are accompanied by Letters of Assessment.









