Researchers say a low-skilled attacker used Claude Code and OpenAI Codex to breach 14 companies with minimal technical expertise.
A hacker with limited technical skills was able to break into 14 companies by relying heavily on AI coding agents from Anthropic and OpenAI, according to researchers who examined more than 1,000 archived AI sessions tied to the activity.
The investigation, conducted by OALABS, found that the attacker leaned on Claude Code and Codex to handle much of the work normally associated with a cyber intrusion. Instead of writing exploits or manually analyzing systems, the operator often used simple prompts and let the AI tools guide the process.
Logs reviewed by researchers showed the agents assisting with reconnaissance, code generation, troubleshooting and attack planning. In many cases, the AI systems identified next steps, interpreted results and suggested ways to move forward after encountering obstacles.
What stood out wasn’t the sophistication of the attacker, but how little expertise appeared to be required. The operator reportedly used broad, sometimes vague instructions rather than carefully crafted prompts. Despite that, the AI agents were often able to understand the objective and generate useful outputs.
The findings offer a real-world example of how autonomous AI tools are changing the cyber threat landscape. Tasks that once demanded years of experience can increasingly be automated, allowing less experienced attackers to carry out operations that would have been far more difficult on their own.
OALABS stressed that the AI agents were not acting independently. A human operator remained in control throughout the campaign. Still, the researchers argue that modern AI tools can dramatically amplify an attacker’s capabilities by reducing the technical barriers involved in planning and executing intrusions.
Neither the attacker nor the 14 affected organizations were publicly identified.
As AI coding agents continue to evolve, security professionals are increasingly focused on how those systems can be misused. The case illustrates how quickly offensive capabilities can scale when complex technical tasks are delegated to increasingly capable AI assistants.
Related articles :
- Coruna iOS Exploit Kit Reuses Triangulation Zero-Days
- Interview with Pentester Cyberjagu
- Critical GitHub Enterprise Flaw Exposes Servers
Reports are sourced from official documents, law-enforcement updates, and credible investigations.
Discover additional reports, market trends, crime analysis and Harm Reduction articles on DarkDotWeb to stay informed about the latest dark web operations.
