The rapid adoption of AI in industrial automation has introduced AI agents that function as Command and Control (C2) systems capable of managing infrastructure autonomously. The integration of "Computer Use" into Claude Sonnet 4.5 introduces critical vulnerabilities that are exploitable through prompt-injection attacks. This study presents ZombAI, a direct black-box attack method targeting AI agents via six distinct strategies: Template Completion, In-Context Attack, Code Injection, Prompt Rewriting, Low-Resource Language exploitation, and Genetic Algorithm-based perturbation. Each strategy targets a different layer of the model's safety filters and requires neither internal model access nor knowledge of the training data. Experiments were conducted using Claude Sonnet 4.5 integrated into the Bytebot framework within a Docker sandbox environment to simulate real-world attack conditions. Results demonstrate an overall attack success rate of 78%, with Low-Resource Language attacks achieving an absolute success rate of 100%, attributed to the absence of robust safety filtering for non-dominant languages within the Computer Use tool. These findings reveal that AI agents granted C2 authority harbor critical vulnerabilities that transform them into zombie executors capable of performing Remote Code Execution (RCE) without user awareness, underscoring the urgent need for language-inclusive security evaluation frameworks for autonomous AI systems.
Copyright © 2026