Anthropic’s recently released Claude Computer Use feature allows Claude to control a computer by taking screenshots, running bash commands, and more. However, this also introduces severe prompt injection risks, as Claude could be exploited to run malicious code autonomously. A post on “Embrace the Red” demonstrated this: the author crafted a malicious webpage that tricked Claude into downloading and executing malware, turning it into a “ZombAI” controlled by a command and control server. While the capability is impressive, the author warns that such AI systems processing untrusted data pose fundamental security risks.