AI‑Driven Prompt RCE and 0‑Click Claude Exploit Spark New Threat Wave

The latest ThreatsDay Bulletin reports a coordinated surge of AI‑powered attacks. Researchers uncovered a prompt‑injection remote code execution (RCE) flaw that lets adversaries execute arbitrary code by crafting malicious inputs to AI models. In parallel, a zero‑click exploit was observed targeting the Claude AI system, allowing attackers to gain footholds without any user interaction. Both campaigns leveraged the RenEngine loader, a trusted‑looking binary that silently pulls in fresh zero‑day payloads, indicating a shift toward using legitimate‑appearing tools for stealthy intrusion.

These techniques dramatically raise the risk profile for organizations that integrate generative AI into workflows. Prompt‑based RCE can compromise any environment that trusts AI‑generated code, while 0‑click exploits bypass traditional phishing defenses entirely. The use of RenEngine masks payload delivery, making detection by conventional AV and EDR solutions harder. Defenders must prioritize monitoring for anomalous AI prompt patterns, enforce strict code review of AI‑generated scripts, and deploy behavior‑based detection for unknown loaders to mitigate this emerging threat surface.

Categories: Malware & Ransomware, Vulnerabilities & Exploits, AI Security & Threats

Source: Read original article