logo

Red teamers turned Claude Desktop into a double agent to do their evil bidding

ID: 64a91ab0-bba3-5401-8ddb-53b7c2dd8390

STIX ID: report--64a91ab0-bba3-5401-8ddb-53b7c2dd8390

Feed Name: The Register (Security)

Threat Score
70/100

Date Published: 2026-07-01

Date Updated: 2026-07-02

...
...

Pentera Labs' red team demonstrated that a compromised inbox and Claude Desktop's synced personal preferences can be abused to inject commands into a user's AI assistant, yielding remote code execution, persistent C2 behavior, and lateral access from a developer's workstation; the vendor considered the capability "working as intended," leaving an attack surface for organizations using agentic desktop AI apps.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.