It was great to attend the 39C3 - Power Cycles in Hamburg this year. The Chaos Communication Congress was once again packed with great talks, amazing people, awesome events and side quests - and I even got to present!

You can watch the talk with translation options on media.ccc.de.

I also uploaded the English version to the Embrace The Red YouTube channel. I hope it’s interesting and helpful.
The talk is titled “Agentic ProbLLMs: Exploiting AI Computer-Use and Coding Agents” and is about my security research on vulnerabilities in agentic systems and the Month of AI Bugs with lots of demos.

A PDF version of the slides is here.

Looking forward to the next Chaos Communication Congress.

Safe travels back home and Happy Hacking, everyone!

Johann.

I put Claude Code inside Docker (on a remote throwaway VM) to protect against supply chain attacks when it does something like `npm i`, but as I gamed that out, there were indeed many more things to protect against (like copying Claude's config file into the image), and I'm still not confident about it.

I should really build my own cli if I want to use this.