OpenAI’s coding agent fails incident response, obscures active threats, complicates investigation
With AI’s capabilities growing every day, it’s not a bad idea to turn to the technology in response to a cyberattack. But a human has to be kept in a loop – otherwise, all kinds of problems are almost guaranteed. One Linux user just learned this the hard way.
Huntress, a cybersecurity company, claims it uncovered a real-world incident in which a Linux user, suspecting something was wrong on their machine, turned to OpenAI’s Codex agent to investigate and remediate the issue.
Apparently, at least two threat actors were actively compromising the system, installing cryptominers and harvesting credentials.
The signal and the noise
Mid-incident, Huntress cybersecurity specialists had to intervene, though, as it became clear that attempts to use Codex failed to knock down malicious activity.
Not only that, but an AI coding agent actually helped conceal the symptoms of a cryptominer rather than remove it.
Plus, legitimate AI-generated commands triggered EDR (Endpoint Detection and Response) alerts because they resembled attacker tradecraft.
Multiple threat actors continued operating while the user relied on AI for “incident response.”
Human analysts had to step in to separate real threats from AI noise.
“The AI-generated commands looked just like attacker activity, hiding the real threat and making the investigation far more complex,” Huntress said in a blog post breaking down the incident.
“Analysts investigating the incident then needed to pick through and deconflict the user’s legitimate efforts from malicious signals.”
For example, when the user complained about a loud fan noise (“My fans are running very loud”), Codex suggested CPU throttling, and the user subsequently applied a Linux terminal command to quiet the fans.
The user seemed to be happy with Codex’s suggestion, saying: “That worked… Silent. Perfect. Resolved.” The user then continued with various app development tasks, including using Codex to perform an app health check.
However, Huntress soon determined that Codex only masked the symptoms of the cryptominer, instead of actually diagnosing it. The cryptominer remained active and running.
Humans have to be involved
In addition to Codex failing to effectively diagnose and kill the cryptominer on the system, the commands that it generated were picked up in EDR detections because they looked very similar to how threat actors format their commands.
According to the researchers, while Codex helped the user shut down malicious processes, it didn’t provide full incident response capabilities, and the threat actor kept returning.
“Legitimate activity performed by an AI without clear explanation looks very similar to attacker activity, and sifting through AI-created commands to check whether they are malicious or legitimate, given the context, takes time,” Huntress explained.
“The concern in this incident – and other future incidents where users will inevitably use AI in a similar manner – is the sheer volume of noise created by AI tools like this one, which could make triaging hosts much more complex.”
According to the researchers, while Codex helped the user shut down malicious processes, it didn’t provide full incident response capabilities, and the threat actor kept returning – exfiltrating credentials, keys, tokens, cloud metadata, and more.
The lesson? Although defenders indeed use AI tools across their investigations to connect the dots faster, experienced human analysts have to review the results and own every verdict.
Check if your data has been leaked
“As more users rely on AI, incidents like this show the value of human experts behind the tools who have the experience in performing telemetry-driven investigations and discerning between legitimate and malicious behavior,” said Huntress.
New models appearing
Praising allegedly ultrasmart cybersecurity-focused AI agents is now very much in fashion. One after another, Anthropic and OpenAI recently released Mythos and GPT-5.4-Cyber, respectively.
Both models are marketed as able to autonomously find flaws and bugs in software, allowing cyber pros to fix issues before bad actors exploit them.
However, cyber pros are already warning that models such as Mythos can be used by hackers to detect and exploit unknown vulnerabilities, and Marcus Hutchins, a cybersecurity researcher best known for helping to stop the global WannaCry ransomware attack, recently questioned Anthropic’s narrative in a viral video.
“Bugs aren’t going unpatched because no one can find bugs. It’s because no one is being paid to find bugs,” said Hutchins before reiterating that there’s no evidence that AI systems are more cost-effective than human cyber researchers.
Unlock more exclusive Cybernews content on YouTube.
