Researchers discovered an intrusion conducted by a large language model (LLM) agent while it was in the post-exploitation phase. According to the researchers, this cyberattack was driven entirely by AI. 

“In this intrusion, the attacker exploited a vulnerable marimo notebook to gain code execution,” Michael Clark, Senior Director of Threat Research at Sysdig told Security magazine. “Then, they harvested data from the compromised workload, including AWS credentials. Using those credentials, the attackers performed reconnaissance across the AWS environment and discovered an SSH key in AWS Secrets Manager. They used the stolen key to access an SSH jump, where they found a reachable PostgreSQL database and exfiltrated its contents.”

The entire attack chain ran end-to-end in less than one hour.

“This attack is further evidence that every stage of the intrusion lifecycle is accelerating, from vulnerability discovery to lateral movement and data exfiltration. Defenders are increasingly operating against adversaries that can compress hours of manual analysis and decision-making into minutes with the help of AI,” explains Clark. “As a result, security teams need broader telemetry for offensive AI tools, faster detection pipelines, and lower friction in their response mechanisms. Preventing every intrusion through patching alone is becoming less realistic. Resilience will increasingly depend on how quickly teams can detect, investigate, and contain attacks once they begin.” 

Evidence of AI Driving the Execution

“The question is not whether the attack was automated,” the research states. “It most certainly was.” 

Instead, the research asserts the real question is this: was the script written prior to the session starting, or was it developed in real time? The research argues four properties of the transcript indicate real-time creation from an LLM: 

1. The dump was improvised against an unidentified target
2. A planning comment was leaked into the command stream, across six IPs and at at sub-second tempo 
3. Each command was shaped for consumption by a machine 
4. At easy handoffs, the chain consumes its own output

What Does This Mean for the Future of Cyberattacks?

The research asserts this incident showcases how malicious actors are raising the complexity and speed of their operations through AI, complicating the cyber threat landscape. 

“This attack demonstrates how LLMs are enabling threat actors to conduct increasingly complex operations, not just simple or opportunistic attacks at the edge. Sophisticated intrusion workflows that once required highly skilled operators can now be accelerated and even driven by AI, significantly lowering the barrier to entry and expanding the potential adversary pool,” states Clark. “It also changes what’s possible in terms of the speed and scale of attackers’ operations. Tasks that previously required continuous manual analysis and decision-making can now be delegated to AI systems, allowing attackers to move faster and pivot more efficiently within compromised environments.” 

This event was observed by the Sysdig Threat Research Team (TRT) on May 10, 2026.