ZombAIs: From Prompt Injection to C2 with Claude Computer Use · Embrace The Red

Submitted by Style Pass, 2024-10-25 12:00:03

A few days ago, Anthropic released Claude Computer Use, which is a model + code that allows Claude to control a computer. It takes screenshots to make decisions, can run bash commands and so forth.

It’s cool, but obviously very dangerous because of prompt injection. Claude Computer Use enables AI to run commands on machines autonomously, posing severe risks if exploited via prompt injection.

So, first a disclaimer: Claude Computer Use is a beta feature, and what you are going to see is a fundamental design problem in state-of-the-art LLM-powered applications and agents. This is an educational demo to highlight the risks of autonomous AI systems processing untrusted data. And remember, do not execute unauthorized code on systems without authorization from the proper stakeholders.

Nevertheless, I wanted to know if it is possible to have Claude Computer Use download malware, execute it and join Command and Control (C2) infrastructure. All via a prompt injection attack!
