Callan Lamb, Christoph Hamsen, Julien Doutre, Jason Foral, Kassen Qian

At Datadog, we've embraced coding assistants because they help us ship features faster, cut down on repetitive work like dependency upgrades, and make prototyping less painful. Coding assistants are no longer novelties; they've become a critical part of our daily workflows.

These tools also increase the volume of code being pushed every day. Datadog currently sees nearly 10,000 pull requests (PRs) a week across our internal and external repositories, and this number is growing rapidly as AI-assisted development scales. For our security teams, this creates two big problems:

- Growing attack surface: More PRs means more opportunities for attackers. Subtle code exploits, like those seen in the Ultralytics hack, the tj-actions breach, and others, can slip through, hidden in encoded payloads, disguised as legitimate dependency updates, or buried deep in workflow configurations.
Article Summaries:
- Datadog’s SDLC Security team has deployed an LLM‑powered system that reviews every pull request (PR) in real time to spot malicious code. With nearly 10,000 PRs a week, the company faces a growing attack surface and reviewer fatigue that traditional static analysis cannot fully address. The new tool uses prompt engineering and data tuning to improve detection accuracy, works around model context limits, and is continuously tested against real‑world exploits such as the tj‑actions and Nx attacks. Already running in production across Datadog’s internal and external repositories, the system is also available in preview for Static Code Analysis customers.