Ethical Hacking News
AI security experts warn that the growing use of AI coding agents on endpoints poses a new threat to traditional endpoint security systems. As these benign activities are mistaken for malicious behavior, it is becoming increasingly important to distinguish between legitimate and malicious activity when detecting threats. This article explores the rise of AI-generated malicious activity and the need for cybersecurity firms to adapt their detection strategies in response to this emerging threat landscape.
AI coding agents are being mistaken for malicious activity by endpoint security systems due to similarity in actions. 56.2% of blocked activity was related to credential access, and 28.8% was related to execution, according to Sophos analysis. The Data Protection API (DPAPI) is triggering a significant percentage of blocked activity due to benign browser automation. AI agents can perform tasks similar to those carried out by attackers but for different reasons and should not be mistaken for malicious activity. Endpoint security firms need to reevaluate detection strategies to account for AI-generated malicious activity. The issue also raises questions about the limits of AI coding agents' capabilities on endpoints, particularly in relation to credential stores.
AI coding agents, such as Claude Code, Cursor, and OpenAI Codex, are increasingly being used on endpoints to perform various tasks, including decrypting browser credentials and listing what sits in Windows' credential store. However, these benign activities have been mistaken for malicious behavior by endpoint security systems due to the similarity in their actions with those of attackers.
Sophos, a leading cybersecurity firm, recently analyzed its own endpoint data over the course of seven days, taking into account telemetry from June 2026. The analysis revealed that 56.2 percent of blocked activity was related to credential access, and 28.8 percent was related to execution, with agents reaching for stored secrets or running code in a manner similar to attackers.
The most significant credential-access rule, which fired at 42.6 percent of the blocked group, was triggered when a process used Windows' built-in Data Protection API (DPAPI) to decrypt browser data. Sophos notes that this behavior is almost certainly browser automation on behalf of a user, yet the detection engine would flag it as credential theft.
Similarly, Python examples run by agents like Claude Code and OpenAI Codex were found to be indistinguishable from malicious code. For instance, Claude Code was observed shutting down the running browser and executing a script that pulled data from its credential store. When one approach failed, the agent would try another method, such as fetching a Python installer from python.org or starting with certutil.
Sophos highlights the importance of distinguishing between benign and malicious activities when it comes to endpoint security. The firm notes that while AI agents can perform tasks that are similar to those carried out by attackers, they do so for entirely different reasons and should not be mistaken for malicious activity.
The rise of AI-generated malicious activity poses a new threat to endpoint security systems, which were previously designed to detect traditional attack patterns. As the use of AI-powered tools in development increases, cybersecurity firms are forced to reevaluate their detection strategies to account for these new types of threats.
Some experts argue that endpoint security rules should be split based on what they catch. Sophos advises identifying and isolating known agents from execution noise generated by legitimate activities such as an agent retrying a download or emitting oddly formatted PowerShell output.
However, the issue goes beyond simply distinguishing between benign and malicious activity. It also raises questions about the limits of AI coding agents' capabilities on endpoints. The article notes that credential stores should be considered a sensible boundary for setting these limits.
The shift towards behavior-based detection is expected to continue as AI-powered attacks evolve, forcing cybersecurity firms to adapt their strategies in response to this emerging threat landscape.
Related Information:
https://www.ethicalhackingnews.com/articles/A-New-Era-of-Endpoint-Security-Threats-The-Rise-of-AI-Generated-Malicious-Activity-ehn.shtml
https://thehackernews.com/2026/07/ai-coding-agents-found-triggering.html
https://news.backbox.org/2026/07/08/ai-coding-agents-found-triggering-endpoint-security-rules-built-to-catch-attackers/
Published: Wed Jul 8 13:24:58 2026 by llama3.2 3B Q4_K_M