Tricking AI into doing the "Dirty Work"

Nov 2025

This article, written by Nate B. Jones, is really interesting. It discusses how a state-backed team was able to run a sophisticated attack at a speed and efficiency we haven’t seen before. One paragraph explains how they “hijacked” Claude AI to perform malicious attacks while the internal system believed it was running legitimate pen testing. Now that this genie is out of the bottle, these systems and processes will only continue to improve — it looks like red teams will have their work cut out for them moving forward!

"Think about what that means architecturally. The attackers constructed a prompt chain where Claude performed reconnaissance on a target network, identified vulnerable services, generated exploit code tailored to specific CVEs, executed that code in a sandboxed environment, validated successful compromise, extracted credentials, moved laterally through internal systems, and triaged data for exfiltration—all while believing it was conducting authorized penetration testing. The humans in the loop made strategic decisions about target prioritization and final data handling, but the tactical execution was autonomous, fast, and relentless." - Nate B. Jones

Full Article - Claude Code Agent Attack: 30 High Value Targets Hit by a Nation State Actor—Implications for Builders, System Designers, and All of Us