AI agent–driven attack campaign

How a Non-Expert Hacker Compromised 14 Companies Using Claude and Codex

A hacker compromised 14 companies using Anthropic’s Claude Code agent and OpenAI’s Codex. The attacker’s lack of technical expertise was compensated for by the AI.

Security researchers at OALABS analyzed the incident after the threat actor accidentally left behind full session logs on a compromised server. The system operator discovered the directory and forwarded the data for investigation. The logs contain more than 1,000 interaction sessions with AI agents, including Claude Code by Anthropic and Codex by OpenAI.

According to the findings, the attacker repurposed already deployed AI instances originally set up by software developers, adapting them for malicious use. Lacking deep technical skills, the actor issued vague and high-level instructions to the AI systems. The agents autonomously handled network reconnaissance, malware development, and data exfiltration across at least 14 affected organizations.

Security Barriers Bypassed Through Social Engineering

Following successful intrusions, the AI systems generated reports and even estimated the financial value of the stolen data. Although some policy violations were flagged during operations, the attacker repeatedly bypassed safeguards by framing activities as authorized security testing, such as red teaming exercises or research projects.

Researchers emphasized that distinguishing between legitimate security research and criminal activity remains difficult for AI models, as both contexts often use the same terminology and workflows. The OALABS researchers commented on the attacker’s role as follows:

“The attacker did not need to be an expert; they only needed to apply the right framing in their prompts. The agent provided much of the structure and technical execution that the attacker seemingly lacked.”

OALABS researchers

Identification of the Attacker Through His Own Mistakes

In a series of operational security mistakes, the attacker inadvertently exposed sensitive personal information while using the AI systems. They requested help editing a résumé that included their full name, location, educational background, and a LinkedIn profile. In another instance, while troubleshooting a suspected compromise of their own machine, the attacker accidentally shared their private IP address with the system.

Based on this data, analysts identified the actor as a young male located in Addis Ababa, Ethiopia. According to the available logs, it remains unclear whether the stolen data was successfully monetized or whether the attacker made any financial gain.

(ll)
