Security · 1h ago
Claude Code tricked into opening reverse shell via hidden DNS record
Security researchers found that Claude Code, an agentic coding tool, can be exploited by hiding malicious commands in DNS records. During routine error recovery, the tool opened a reverse shell, bypassing standard security scanners. The attack exploits the tool's helpfulness to execute arbitrary code.
Meridian48 take
The exploit highlights a fundamental risk in agentic AI tools: their autonomy and access can be weaponized against them, making security a critical design concern.
Read the full reporting
'Agentic coding tools have access to everything they need for this': Security experts warn Claude Code can be exploited simply by trying to be helpful →
TechRadar
claude-codeai-security