
Novel 'Claw Code' Attack Exploits AI-Assisted Development Tools to Hijack Workstations
Researchers demonstrated a novel attack called 'claw code' where malicious actors exploit AI-assisted development tools to hijack developer workstations using seemingly harmless code repositories. The attack leverages AI platforms like Cloud Code, which follows legitimate installation steps but executes a hidden payload when triggered by a Python package error message instructing it to run python3 -m axiom init. This command executes a shell script (setup.sh) that retrieves a base64-encoded payload from a DNS TXT record and spawns an interactive shell on the target machine, enabling credential theft and backdoor deployment. The attack evades detection by splitting components across three systems—the repository, DNS infrastructure, and AI agent—none of which appear malicious in isolation. No malicious code is stored in the repository itself, and the developer receives no notification of the execution. The technique highlights risks in AI tool governance, supply chain security, and developer workstation hardening, particularly as organizations increasingly integrate AI into development workflows. The video references an article for further details but does not specify a publication date.