Hackers Used Claude To Engineer 70 Antivirus Evasion Tactics, Sophos Finds

Markets 2026-06-04 23:07

A criminal hacking crew used artificial intelligence agents, including a Claude model, to build and test more than 70 ways to slip malware past leading security software.

Key Points:

  • A threat actor ran AI agents to develop and stress-test malware designed to dodge major detection tools.
  • A Claude Opus 4.5 agent set the rules, while other agents handled testing, stealth and documentation.
  • The operation claimed rising success rates, but investigators say the evidence never backed that up.

Sophos Flags AI-Built Evasion Lab

The trail opened when an odd endpoint inside a client network set off alerts over files dumped in a test folder. Analysts at Sophos detected a wider toolkit meant to stay invisible on breached machines. Many of the scripts were written in Russian and at least partly produced by AI rather than typed by hand.

The attacker provisioned a cluster of virtual machines, then pitted separate systems against products from CrowdStrike and Microsoft Defender, with one control box left undefended. A Linux server ran the command channel through the Sliver framework, and the kit hid behind Cobalt Strike traffic, Telegram messaging and a Cloudflare relay that masked the real server.

Several agents split the labor. The one running Claude Opus 4.5 set the ground rules for the rest, as the others hunted for bypasses, tightened operational security, injected code into trusted Windows programs and logged every result.

Why Claude's Role Worries Defenders

The crew leaned on Cursor, an AI coding tool, and tied the agents to its repositories through an open protocol, letting them mine public research and map techniques to a widely tracked attack catalog. At the core sat a Python tool that wrapped payloads in roughly 80 modules of encryption and disguise to dodge scanners. Those modules tested more than 70 tricks against three rival defenses.

The project wore a "red team" label. Researchers argued the wording mostly served to talk past the guardrails that block AI from writing malware, a ruse also seen in reported attacks on government targets in Mexico.

AI Cybercrime Threat In Context

The most telling detail may be what the AI did not do. Investigators stressed that no model acted on its own and that human operators reviewed and approved every step of the build. Anthropic, which makes Claude, has been alerted to the findings.

The lab's notes bragged that its evasion sharpened with each pass, yet the test data never supported that, a gap researchers traced to AI hallucination. Sophos linked the operation to ransomware and data theft, and one of its directors described the actor as active worldwide, including across organizations in the United States.

Similar AI-assisted tooling has surfaced across 2026 in malware families and ransomware kits, with analysts reporting that such agents mainly cut the cost of old tradecraft rather than invent new threats.
