A self-taught attacker with minimal technical skill used Claude Code and OpenAI's Codex to breach 14 companies, and the AI did most of the work.
Cybersecurity researchers at OALABS recovered the attacker's entire working directory after a third-party server host noticed malicious activity and handed the files over. Inside: more than 1,000 agent session logs capturing every prompt, tool call, LLM internal monologue, and recorded policy violation. The attacker used vague, low-skill prompts and let the agents handle reconnaissance, exploit writing, access validation, and data harvesting. OALABS noted the attacker "did not need to be an expert operator" — the correct framing was enough. The logs also exposed the attacker's CV, LinkedIn profile, and IP address, placing them in Addis Ababa, Ethiopia.
The case is a sharper data point than most on AI-assisted cybercrime. Researchers have warned for years that GenAI lowers the barrier to entry; this incident shows what that looks like in practice — a novice executing a multi-target campaign without writing a single line of exploit code themselves. The guardrails on both Claude and Codex failed in the majority of sessions, a detail that puts AI labs back in the uncomfortable position of explaining what their safety mitigations are actually stopping.
No evidence emerged that the stolen data was sold or used for extortion — which may say more about the attacker's inexperience than about the damage ceiling of this kind of attack.
