Researchers turned Claude Desktop into a 'double agent' by hiding instructions in your saved preferences: why it is not safe to use
Researchers hid a scrambled command in Claude Desktop's saved preferences, and with inbox access could make the app quietly run attacker commands.
What happened
On July 1, 2026, researchers at Pentera Labs showed a new way to trick Claude Desktop, the app that lets Claude run on your computer. They hid a scrambled instruction inside a victim's personalization preferences, the saved settings that tell Claude how you like it to behave. Those settings sync across all your devices. Once the researchers also had access to the victim's email inbox, the hidden instruction could make Claude quietly run commands, steal passwords and API keys, and keep a foothold on the machine. Nothing looked wrong, because the trick rode on an app the person already trusted.
What it means for you
The danger here is not a virus you download. It is that an app you trust can be turned against you if an attacker reaches your account or inbox first. Anthropic called this expected behavior for this kind of software, not a bug it will pay to fix, so the caution falls to you.
What to do instead
Treat an AI desktop app as software with real power over your files. Do not blindly follow install prompts, error messages, or requests to run commands, even when they appear inside Claude. Protect the email account tied to your AI tools with a strong password and two-step login. Add only skills and tools you understand. On AgentPod we list skills that have been reviewed and tested, which narrows what an attacker can slip in, though no single step removes the risk.
Sources:
- https://www.theregister.com/security/2026/07/01/red-teamers-turned-claude-desktop-into-a-double-agent-to-do-their-evil-bidding/5264692
We report what our security review found at the time we checked, with the goal of keeping people safe. Projects change; if a maintainer has since fixed this, we are glad to recheck it. Email hello@agentpod.com.