Low-skilled attacker used Claude Code and Codex in 14 breaches
OALABS researchers studied more than 1,000 recovered AI agent sessions from a compromised server. The records showed a low-skilled attacker using Claude Code and OpenAI Codex during offensive cyber operations.
The attacker often gave simple prompts, while the AI agents handled , finding , building exploit code, and collecting data. The activity allegedly affected at least 14 .
Several s were bypassed by wording requests as approved security research or red team work. The attacker was identified because of their own operational security mistakes, not because AI s stopped them.
Key points
- Researchers analyzed more than 1,000 recovered AI agent sessions from a compromised server.
- A low-skilled attacker used Claude Code and OpenAI Codex during offensive cyber operations.
- The AI agents helped with , discovery, exploit code, and data collection.
- The activity allegedly involved at least 14 .
- s were bypassed by framing requests as authorized security research or red team work.
Sources covering this story (4)
- r/ClaudeAILow-skilled attacker used Claude Code and Codex in 14 breaches ↗
- Hacker NewsCaptured Logs Reveal Hackers Using Claude and Codex to Breach Companies ↗
- r/codexHow are teams keeping Codex security policies consistent across coding agents? ↗
- r/ClaudeAII asked Claude to use "chrome-cli" and the first thing he did was steal all my cookies ↗