- OALABS analyzed the entire working directory of a novice attacker and shows 14 breaches made with agents from Claude Code and Codex.
- The attacker used vague instructions; AI agents handled reconnaissance, exploit writing, and data collection, bypassing security barriers with ease.
- Searches revealed the identity and location of the attacker in Addis Ababa, Ethiopia
A rookie cybercriminal managed to break into 14 organizations and steal sensitive data, simply by using Anthropic’s Claude Code and OpenAI’s Codex agents. This is stated by cybersecurity researchers OALABS, who recovered and analyzed the attacker’s entire work directory.
Researchers used this news as further evidence that advanced Generative Artificial Intelligence (GenAI) models are significantly lowering the barrier to entry for cybercrime and to sound the alarm that the security community must step up.
“In many cases, the attacker provided only vague, low-skill prompts and allowed Claude to fill in the gaps: investigate exposed services, identify potential vulnerabilities, write exploit code, validate access, and collect data,” the researchers said. “The attacker did not need to be a skilled operator; he simply had to use the correct framing for his instructions. The agent provided much of the structure and technical execution that the attacker seemed to lack.”
Doxxing the attacker
OALABS could find no evidence that the stolen data was monetized in any way, either by selling it on the dark web or by extorting victim companies. However, they found numerous evidence regarding the identity and whereabouts of the attacker.
According to the researchers, the attacker did not run the AI agents on their own infrastructure, but on a third-party server, and when that third party discovered malicious activity, they downloaded the entire working directory and shared it with the researchers.
“Because the agents were local to the host, their full session logs were recovered, including attacker prompts, tools used, large language model (LLM) internal monologue, and any policy violations recorded during sessions,” the researchers said.
In this way, OALABS was able to analyze more than 1,000 agent sessions and saw how the attacker could easily bypass most of the agents’ security barriers. Also among the sessions was the threat actor’s CV with his full name, location, educational history and LinkedIn profile, as well as his IP address showing he was located in Addis Ababa, Ethiopia.
Through Help Network Security
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
