ADVERTISEMENT

AI agents are behaving more like hackers. Security teams say that's just the beginning

Welcome to the next AI-fueled detection challenge.

developer coding

Image by Cybernews.

Stefanie Schappert
Stefanie Schappert Senior Journalist
Jul 9, 2026 3 min read
Key takeaways:
Claude Code generic
Claude Code was among the AI coding agents Sophos analyzed during its seven-day telemetry study. Image by daily_creativity | Shutterstock
Engineer reacts to Sophos AI findings

AI agents are starting to resemble attackers

  • Launching terminals
  • Executing PowerShell commands
  • Installing software packages
  • Modifying large numbers of files
  • Authenticating to cloud services
  • Accessing credentials
agent dressed in black on a cloud, sky blue background, coding, codex sign on back
AI coding agents like Codex, Claude Code, and Cursor increasingly perform actions that resemble attacker behavior. Image by Cybernews.
Rules that previously fired almost exclusively on malicious activity are now triggering on benign agent behaviour. The shift is not large yet, but the trend line is clear,
Sophos says.
ADVERTISEMENT

The real challenge is proving intent

“The broader question for customers deploying AI agents is one of 'What should an agent be permitted to do on an endpoint? What boundaries should be enforced?'”
Sophos asks.
security guard guarding a door
Security teams are increasingly challenged to distinguish trusted AI activity from malicious intrusions. Image by Cybernews.

AI leaves its own fingerprints

Has your password leaked?

Enter your password to check if it has leaked. Having a leaked password creates the risk of identity theft, financial damages, and worse!
35,607,543,468
Exposed Passwords
Ad
Protect your personal information from cybercriminals and get 50% off the top-rated password manager
link_title link_title
Stefanie Schappert
Senior Journalist
ADVERTISEMENT