They both support it via plugins. Xcode doesn’t enable it by default, you need to enable it and sign into an account. It’s not really all that different.

▲

tcoff91 3 days ago | parent | next [-]

That seems perfectly fine and noncontroversial then. Good on Apple for doing it that way.

▲

renewiltord 4 days ago | parent | prev [-]

[flagged]

▲

TheDong 4 days ago | parent | next [-]

What commonly gets installed in those cases is actual malware, a RAT (Remote Admin Tool) that lets the attacker later run commands on your laptop (kinda like an OpenSSH server, but also punching a hole through nat and with a server that they can broadcast commands broadly to the entire fleet).

If the attacker wants to use AI to assist in looking for valuables on your machine, they won't install AI on your machine, they'll use the remote shell software to pop a shell session, and ask AI they're running on one of their machines to look around in the shell for anything sensitive.

If an attacker has access to your unlocked computer, it is already game over, and LLM tools is quite far down the list of dangerous software they could install.

Maybe we should ban common RAT software first, like `ssh` and `TeamViewer`.

▲

jumploops 4 days ago | parent | next [-]

> They won’t install AI on your machine

Actually they’ll just the AI you already have on your machine[0]

In this attack, the malware would use Claude Code (with your credentials) to scan your own machine.

Much easier than running the inference themselves!

[0]https://semgrep.dev/blog/2025/security-alert-nx-compromised-...

▲

renewiltord 4 days ago | parent | prev [-]

[flagged]

	▲	TheDong 4 days ago \| parent [-]
		You know, I should have realized this was a troll account with the previous comment. I guess that's on me for being oblivious enough that it took this obvious of a comment for me to be sure you're intentionally trolling. Nice work.

▲

OsrsNeedsf2P 4 days ago | parent | prev | next [-]

If you're worried about someone accessing your unlocked computer to install LLMs, you might need to rethink your security model.

▲

renewiltord 4 days ago | parent [-]

They could install anything. Including Claude Code and then run it in background as agent to exfiltrate data. I'm a security professional. This is unacceptable

▲

BalinKing 4 days ago | parent [-]

I think the parent commenter was pointing out that, instead of installing Claude Code, they could just install actual malware. It's like that phrase Raymond Chen always uses: "you're already on the other side of the airtight hatchway."

▲

renewiltord 4 days ago | parent [-]

Yes but Claude Code could install malware when I'm not paying attention. And when I remove with MalwareBytes it will return because LLMs are not AGI.

	▲	BalinKing 3 days ago \| parent [-]
		Isn't the general advice that if malware has been installed specifically due to physical access, then the entire machine should be considered permanently compromised? That is to say, if someone has access to your unlocked machine, I've heard that it's way too late for MalwareBytes to be reliable....

▲

eddyg 4 days ago | parent | prev | next [-]

You should install LuLu if you’re that concerned. There are far more nefarious ways of “getting your data”.

https://objective-see.org/products/lulu.html

▲

whatevermom 4 days ago | parent | prev [-]

Yes. I am so worried as well. This is why I installed an AI to double-check if the password I entered is correct when logging in. Fight fire with fire