BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

AI coding agents trigger security alarms by mimicking hackers

AI coding agents like Claude Code, Cursor trigger endpoint detection rules mimicking human attacker behavior

  • AI coding agents like Claude Code, Cursor, and OpenAI Codex are triggering endpoint detection rules designed for human attackers, according to a seven-day Sophos telemetry analysis.
  • Credential access accounted for 56.2% of blocked activity, with agents using Windows’ DPAPI to decrypt browser credentials—mimicking credential theft.
  • Agents also pivot when blocked, using legitimate tools like certutil and bitsadmin, behavior that now blurs the line between benign automation and live attacks.
  • CrowdStrike’s 2026 Global Threat Report found 82% of 2025 detections were malware-free, a shift that makes AI-generated behavioral noise a growing challenge for defenders.

Sophos analyzed a week of its own endpoint data and found that AI coding agents such as Claude Code, Cursor, and OpenAI Codex are setting off detection rules written to catch human intruders. The agents are not malicious but perform actions that, to a behavioral engine, look exactly like an attack. Decrypting browser credentials, listing Windows’ credential store, and writing to the startup folder have long been high-signal indicators for defenders.

- Advertisement -

According to Sophos’s analysis, credential access comprised 56.2% of blocked activity, while execution made up 28.8%. The biggest credential-access rule, at 42.6% of that group, fires when a process uses Windows’ DPAPI to decrypt stored browser data. Sophos caught this behavior running under Claude Code, likely as browser automation on the user’s behalf. In another instance, Claude Code shut down the running browser and pulled data from its credential store, and separately ran cmdkey /list to enumerate Windows Credential Manager entries—using the –dangerously-skip-permissions flag.

When one approach fails, agents try another. OpenAI Codex fetched a Python installer from python.org using certutil, then switched to bitsadmin when blocked. Both are legitimate Windows utilities abused by attackers. Cursor tripped a persistence rule by using PowerShell to drop a startup-folder script, a classic persistence technique. Sophos notes that this pivot-when-blocked behavior now occurs with benign agents, mirroring live attackers.

The challenge is broader. A month earlier, Sophos documented an attacker using AI agents to build and test malware against EDR products. Meanwhile, CrowdStrike’s 2026 Global Threat Report found 82% of 2025 detections were malware-free, with attackers using valid credentials and trusted tools. AI agents now generate the same behavioral signals for ordinary reasons, crowding the signal defenders rely on.

Sophos recommends scoping rules to agent parent processes and workspace paths, while holding the line on credential-touching behavior. Developers should disable the –dangerously-skip-permissions mode through managed settings. The open policy question remains: what should a coding agent be allowed to touch on an endpoint at all?

- Advertisement -

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Bitcoin ETFs net $510M in 3 days, reversing record slump

Bitcoin ETFs have generated $510 million in net inflows over the past three days.Sentiment...

Robinhood’s ‘valuable moat’ shields it from Hyperliquid threat

Robinhood shares fell about 2% on Wednesday amid a broad market sell-off, but analysts...

AscendEx ceases operations after failed strategic deal

Crypto exchange AscendEx ceased operations on July 1, 2026, citing a lack of EU...

Bitcoin drops to $61.5K as Trump ends Iran ceasefire

Bitcoin dropped to $61,500 after President Trump declared the Iran ceasefire "over" at a...

Ubiquiti patches critical flaws in UniFi products

Ubiquiti released emergency patches for seven critical vulnerabilities across its UniFi product line, with...

Must Read

How To Buy a Handshake Domain: A Step-by-Step Guide

Handshake Domains | Benefits | Drawbacks | How To Buy | Supported BrowsersIn this step-by-step guide, I am going to show you how to...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading