AI Coding Tools Raise Security Alerts in Enterprises
The emergence of AI coding tools such as Claude Code, Cursor, and OpenAI Codex in corporate settings has led to unexpected security alerts. These tools are inadvertently setting off detections linked to credential access and the use of living-off-the-land binaries (LOLBins), according to recent telemetry data.
Security Detections in AI Tool Usage
Research from Sophos’ CIXA behavioral engine sheds light on how these AI tools are blurring the lines between legitimate automation and suspicious activities. The study analyzed Windows endpoint telemetry gathered over a week in June 2026, revealing that MITRE ATT&CK tactic rules, particularly those related to Credential Access and Execution, generated numerous alerts.
Although the activities observed were not confirmed as malicious, they closely mirrored known adversary techniques, particularly in credential access scenarios. A key detection rule, Creds_3b, was frequently set off by processes using the Windows Data Protection API (DPAPI) to decrypt browser-stored credentials.
AI agents performing browser automation tasks were often responsible for these detections, specifically when utilizing tools like the GStack skill pack.
Examining Specific AI Agent Activities
In a noted example, PowerShell was used in conjunction with .NET cryptographic functions to decode Base64 input and decrypt it using DPAPI. While legitimate for browser automation, this method mirrors infostealer techniques, leading to accurate flagging by security systems.
Other credential-related alerts involved AI-triggered Python scripts, with agents sometimes terminating browser processes before executing scripts to access stored credentials. The use of the cmdkey utility to enumerate saved credentials was also detected, particularly when combined with risky flags such as “–dangerously-skip-permissions.”
Implications and Future Considerations
Beyond credential access, AI agents also triggered alarms related to command-line obfuscation and LOLBin misuse. For instance, OpenAI Codex attempted to download a Python installer using certutil.exe, and when blocked, switched to bitsadmin.exe, mimicking adversary behavior.
Persistence techniques were observed as well, such as Cursor using PowerShell to write a VBScript file into the Windows startup folder. While seemingly part of application setup, this action raised high-risk behavior flags.
The shift in baseline activity due to AI agents poses challenges for detection engineering teams. Security controls must evolve to differentiate between benign AI-driven automation and actual threats, maintaining strong protections.
As AI agents gain autonomy, organizations need to establish clear policies regarding their capabilities and improve visibility into their actions to mitigate potential security risks.
