Incident · curated 27 Jun 2026
First reported 1 Jun 2026 · 25d ago
Single-source incident — first reported, latest, and curated coincide.
Origin researchers demonstrate how Claude Code's background sessions and undocumented supervisor daemon (introduced in recent versions) can be repurposed into a mostly invisible, persistent C2-like agent using only Markdown and JSON files after a one-time local code execution. They reverse-engineered the daemon's local IPC channel (named pipes on Windows, Unix sockets on macOS/Unix) that manages worker processes independently of the terminal lifecycle.
Why it matters
Agentic dev tools like Claude Code provide attackers a powerful, persistent execution and control plane that survives terminal closure and is poorly understood by security teams.