Researchers at Palo Alto Networks have demonstrated that an autonomous AI system, named Zealot, can effectively hack cloud systems with minimal human oversight. During their tests in a controlled Google Cloud Platform environment, Zealot successfully exfiltrated sensitive data by improvising new strategies, including independently injecting private SSH keys for persistent access. This experiment underscores the evolving capabilities of AI in performing sophisticated attacks, raising concerns about the inadequacy of current detection systems that are designed around human attacker behavior. Experts emphasize the need for organizations to audit cloud permissions and adopt AI-driven defenses to address the unique challenges posed by AI intrusions.
Zealot: Zealot is a proof-of-concept multi-agent AI system created by Palo Alto Networks Unit 42, featuring a supervisor that coordinates specialized agents for reconnaissance, exploitation, and security operations. It dynamically adapts strategies without rigid scripts, exhibiting emergent behaviors like injecting SSH keys for persistence. In the research, Zealot autonomously hacked a vulnerable Google Cloud setup to exfiltrate data from BigQuery.
Anthropic: Anthropic is an AI research company developing advanced large language models like Claude, with a focus on safety and rapid product iteration across code, design, and workflows. Recently, it launched Claude Mythos Preview under Project Glasswing to identify security vulnerabilities in open-source software. Relevant to this story, Anthropic previously analyzed a Chinese espionage campaign in which AI, using Claude Code, handled most operations.
Palo Alto Networks: Palo Alto Networks is a global cybersecurity firm offering next-generation firewalls, cloud security, and AI-driven protections for agent lifecycles and endpoints. Its Unit 42 research division leads threat intelligence and recently acquired Koi to enhance agentic security. The company developed and tested Zealot to demonstrate autonomous AI cloud attack capabilities, urging updated defenses.
```json
{
  "Defense Needs": "Experts recommend auditing cloud permissions, restricting metadata services, and deploying AI-powered countermeasures.",
  "Detection Gaps": "Current systems based on human attacker patterns fail against AI intrusions due to their speed and unique footprints.",
  "Attack Innovation": "Zealot improvised new tactics such as self-granting permissions and maintaining persistent access via SSH keys."
}
```
