AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers
AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers
https://thehackernews.com/2026/07/ai-coding-agents-found-triggering.html
Publish Date: 2026-07-08 13:02:00
Source Domain: thehackernews.com
Sophos looked at a week of its own endpoint data and found that AI coding agents such as Claude Code, Cursor, and OpenAI Codex are setting off detection rules written to catch human intruders.
The agents are not malicious. They just do a lot of things that, to a behavioral engine, look exactly like an attack.
Decrypting browser credentials, listing what sits in Windows’ credential store, pulling files down with built-in system tools, writing to the startup folder: these have long been high-signal to defenders.
What has changed is who is generating it. On the machines Sophos watched, it was often a developer’s AI assistant going about ordinary work.
What set the alarms off
The analysis draws on seven days of telemetry from June 2026, taken from Sophos’s behavioral engine on Windows and counted by unique machines, not raw event volume. It is a narrow window on one vendor’s fleet, not an industry census.
Sophos’s charts put credential access at 56.2 percent of the blocked activity and execution at 28.8 percent: agents reaching for stored secrets, or running code the way attackers do.
The biggest credential-access rule, at 42.6 percent of that group, fires when a process uses Windows’ built-in Data Protection API, or DPAPI, to decrypt the browser’s stored credential data. Sophos calls GStack a widely adopted skill pack for coding agents.
Its /browse skill does exactly that, running PowerShell that calls DPAPI to unlock saved browser data. Sophos caught it running under Claude Code. In context, it is almost certainly browser automation on the user’s behalf. To the detection engine, it is credential theft, and the rule is right to fire.
Some Python examples looked worse on paper. In one instance, Claude Code shut down the running browser and ran a script that pulled data from its credential store.
Separately, it ran cmdkey /list to enumerate the credentials Windows Credential Manager was holding. Sophos notes that Claude Code here ran with…