Sophos looked at a week of its own endpoint data and found
that AI coding agents such as Claude Code, Cursor, and OpenAI Codex
are setting off detection rules written to catch human intruders.
The agents are not malicious. They just do a lot of things that, to
a behavioral engine, look exactly like an attack. Decrypting
browser credentials, listing what sits in Windows' credential
store,
Read more https://thehackernews.com/2026/07/ai-coding-agents-found-triggering.html

