This post is about prompt-based command and control, which is becoming increasingly interesting.
What is Prompt-Based Command and Control? Three years ago, when …

Embrace the Red's resource offers insights, tutorials, and resources for developers and enthusiasts interested in game development and game design. Readers can learn about game design principles, storytelling techniques, and game development tools. With articles, tutorials, and game reviews, Embrace the Red provides  guidance and expertise for creating immersive and engaging gaming experiences.

Embrace The Red

Agent Commander is a proof-of-concept command and control (C2) framework that hijacks AI agents using natural language prompts rather than OS commands. The research demonstrates how agents like OpenClaw, Kimi Claw, and NanoClaw can be compromised via indirect prompt injection—through malicious emails, documents, or websites—and made to periodically check in for new tasks. Persistence is achieved by modifying agent configuration files like HEARTBEAT.md. Once hijacked, agents can perform host enumeration, screenshot capture, data exfiltration, and influence campaigns, all directed through prompts. The post covers attack vectors, persistence mechanisms, sandboxing limitations, and defensive recommendations including prompt monitoring, integrity checks, kill-switches, and credential rotation. The author warns that as software becomes more 'organic,' attacks will become less predictable and harder to control.

Agent Commander: Prompt-Based Command and Control · Embrace The Red

What is Prompt-Based Command and Control?

<p>This is a serious reminder that prompt injection is not just theoretical. If agents can be hijacked through normal inputs, then monitoring prompts and adding guardrails is not optional anymore—it is basic security.</p>
