An AI agent just hacked its way through four system pivots, harvested credentials, and exfiltrated an entire database. No human guided it in real time. No pre-built script told it what to do next. It figured it out on its own, in under an hour.
The Sysdig Threat Research Team identified the May 10 incident as the first known attack where a Large Language Model agent operated with goal-oriented independence during a real-world cyber intrusion.
How the attack actually worked
The intrusion began with the exploitation of CVE-2026-39987, a vulnerability on a publicly accessible Marimo notebook. Once inside, the LLM agent conducted environment reconnaissance, mapping out the digital terrain it had landed in. From there, it harvested credentials stored in AWS Secrets Manager. The agent then executed four sequential pivots, hopping from one internal system to another, each time adapting its approach based on what it discovered. It used WebSocket connections and Cloudflare Workers to evade detection. The end result was the successful exfiltration of a full PostgreSQL database dump.
The entire chain, from initial exploitation to data theft, took less than sixty minutes.
What distinguishes this from previous AI-assisted attacks is the adaptive, goal-directed behavior. Previous incidents involved LLMs generating malicious code or assisting human operators. This agent made real-time decisions without a predefined playbook.
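One defensive angle on the credential-harvesting step described above, as an added example that is not from Sysdig or the original article: a detection that scans CloudTrail records for a single principal requesting many distinct Secrets Manager secrets inside a short window. The field names are real CloudTrail fields; the ARNs, secret names, timestamps and threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=60)  # assumption: sized to the sub-hour chain in the article
THRESHOLD = 3                   # assumption: distinct secrets one role normally reads
NOTEBOOK = "arn:aws:sts::111122223333:assumed-role/notebook-role/i-0example"
BILLING = "arn:aws:sts::111122223333:assumed-role/billing-svc/task-example"

def ev_record(time, arn, name, secret=None):
    """Build a constructed CloudTrail-style record (real field names, fake values)."""
    return {"eventTime": time, "eventSource": "secretsmanager.amazonaws.com",
            "eventName": name, "userIdentity": {"arn": arn},
            "requestParameters": {"secretId": secret} if secret else None}

# Constructed sample: one steady service and one role sweeping four secrets.
SAMPLE_EVENTS = [
    ev_record("2026-01-01T10:00:05Z", BILLING, "GetSecretValue", "prod/billing/db"),
    ev_record("2026-01-01T10:02:00Z", NOTEBOOK, "ListSecrets"),
    ev_record("2026-01-01T10:02:10Z", NOTEBOOK, "GetSecretValue", "prod/billing/db"),
    ev_record("2026-01-01T10:02:11Z", NOTEBOOK, "GetSecretValue", "prod/app/api-key"),
    ev_record("2026-01-01T10:02:13Z", NOTEBOOK, "GetSecretValue", "prod/postgres/admin"),
    ev_record("2026-01-01T10:02:14Z", NOTEBOOK, "GetSecretValue", "prod/ci/deploy-token"),
    ev_record("2026-01-01T12:30:00Z", BILLING, "GetSecretValue", "prod/billing/db"),
]

def find_secret_sweeps(events, window=WINDOW, threshold=THRESHOLD):
    """Return {principal ARN: sorted secret ids} for each principal that
    requested more than `threshold` distinct secrets inside one window."""
    reads = defaultdict(list)
    for ev in events:
        if (ev.get("eventSource") != "secretsmanager.amazonaws.com"
                or ev.get("eventName") != "GetSecretValue"):
            continue
        secret = (ev.get("requestParameters") or {}).get("secretId")
        arn = (ev.get("userIdentity") or {}).get("arn")
        if secret and arn:  # errorCode is not checked, so denied attempts count too
            when = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
            reads[arn].append((when, secret))
    flagged = {}
    for arn, items in reads.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1  # slide the window start forward
            seen = {s for _, s in items[start:end + 1]}
            if len(seen) > threshold:
                flagged[arn] = sorted(seen | set(flagged.get(arn, [])))
    return flagged
```

On the constructed sample, only the notebook role is flagged; the billing service reading its own secret twice is not.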
Crypto is already feeling the heat
Just six days before the Sysdig-documented intrusion, a prompt-injection attack on May 4 targeted an integrated Grok wallet and resulted in the autonomous transfer of approximately $175,000 in DRB tokens. The DRB token’s price subsequently dropped roughly 40%.
That attack exploited the AI integration layer directly. A prompt injection is essentially a way to trick an LLM into doing something it wasn’t supposed to do, like transferring tokens to an attacker’s wallet.
The broader trend in 2026
Security researchers have noted that 2026 is shaping up as a pivotal year for LLM agents in offensive cyber operations. The technology is being observed in red teaming exercises, post-exploitation scenarios, and wallet-draining attacks that route through compromised infrastructure.
What this means for investors
The DRB incident offers a concrete data point on how quickly market sentiment can crater when AI-integrated systems get compromised. A 40% price decline from a single autonomous exploit is the kind of volatility that makes traditional finance regulators reach for their pens.
Investors evaluating any project with AI integration should be asking pointed questions about prompt injection defenses, agent sandboxing, and credential isolation.
Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.
