Security Risk Evaluation of ZombAI Claude: Prompt Injection as a Backdoor for Command and Control Exploitation
Authors: Indra Bayu; Mahar Faiqurahman
Jurnal Sisfokom (Sistem Informasi dan Komputer) Vol. 15 No. 3 (2026): JULY
Publisher : ISB Atma Luhur

DOI: 10.32736/sisfokom.v15i3.2634

Abstract

The rapid adoption of AI in industrial automation has introduced AI agents that function as Command and Control (C2) systems capable of managing infrastructure autonomously. The integration of "Computer Use" into Claude Sonnet 4.5 introduces critical vulnerabilities that can be exploited through prompt-injection attacks. This study presents ZombAI, a direct black-box attack method targeting AI agents via six distinct strategies: Template Completion, In-Context Attack, Code Injection, Prompt Rewriting, Low-Resource Language exploitation, and Genetic Algorithm-based perturbation. Each strategy targets a different layer of the model's safety filters and requires neither internal model access nor knowledge of the training data. Experiments were conducted using Claude Sonnet 4.5 integrated into the Bytebot framework within a Docker sandbox environment to simulate real-world attack conditions. The results show a global attack success rate of 78%, with Low-Resource Language attacks achieving an absolute success rate of 100%, attributed to the absence of robust safety filtering for non-dominant languages within the Computer Use tool. These findings reveal that AI agents granted C2 authority harbor critical vulnerabilities that transform them into zombie executors capable of performing Remote Code Execution (RCE) without the user's awareness, underscoring the urgent need for language-inclusive security evaluation frameworks for autonomous AI systems.