- OALABS analyzed the complete working directory of a novice attacker, which showed 14 breaches carried out with Claude Code and Codex agents.
- The attacker used vague prompts; the AI agents handled reconnaissance, exploit writing, and data collection, and the attacker easily bypassed guardrails.
- Session logs revealed the attacker's identity and location in Addis Ababa, Ethiopia.
A novice cybercriminal managed to break into 14 organizations and steal sensitive data, simply using Anthropic’s Claude Code and OpenAI’s Codex Agents. This is according to cybersecurity researchers OALABS, who recovered and analyzed the attacker’s entire working directory.
The researchers presented the findings as further evidence that advanced generative artificial intelligence (GenAI) models are significantly lowering the barrier to entry into cybercrime, and as a warning that the security community needs to step up its efforts.
“In many cases, the attacker provided only vague, low-skill prompts and allowed Claude to fill in the gaps: scanning for exposed services, identifying possible vulnerabilities, writing exploit code, validating access, and harvesting data,” the researchers said. “The attacker did not need to be an expert operator; he simply needed to use the right framing for his prompts. The agent provided much of the structure and technical execution that the attacker seemed to lack.”
Doxxing the attacker
OALABS could find no evidence that the stolen data was monetized in any way, either by selling it on the dark web or by extorting the victim companies. However, they found numerous pieces of evidence about the identity and whereabouts of the attacker.
According to the researchers, the attacker did not run the AI agents on his own infrastructure, but on a third-party server. When that third party discovered the malicious activity, it downloaded the entire working directory and shared it with the researchers.
“As the agents were local to the host, their full session logs were retrieved, including the attacker’s prompts, tools used, large language model (LLM) internal monologue, and any policy violations recorded during the sessions,” the researchers said.
OALABS was able to analyze more than 1,000 agent sessions, which showed how easily the attacker bypassed most agent safeguards. The sessions also included the threat actor's CV, with his full name, location, education and LinkedIn profile, as well as his IP address, which showed he was located in Addis Ababa, Ethiopia.
Via Support Network Security





