The system is built around a ‘supervisor-agent’ model, in which a central coordinating AI delegates tasks to three specialized sub-agents: one for infrastructure reconnaissance and network mapping, one for web application exploitation and credential extraction, and one for cloud security operations.Rather than following a rigid, pre-scripted playbook, the supervisor dynamically adjusts its strategy based on what each agent discovers, mirroring how experienced human red teams operate.Without any further guidance, the system autonomously scanned the network, discovered a connected VM, identified and exploited a web application vulnerability to steal credentials, and ultimately extracted the target data, even granting itself additional permissions when it encountered an access barrier.One of the most striking findings was that Zealot didn’t just follow instructions — it improvised. In one instance, after compromising a virtual machine, the system independently injected private SSH keys to maintain persistent access, a strategic move that was never part of its original tasking. Researchers described this as ‘emergent intelligence’, where the AI actively invented new attack strategies.While Zealot was overall highly efficient, the researchers noticed that it sometimes fell into unproductive loops, fixating on irrelevant targets and wasting resources until human operators intervened.A degree of human oversight may still be required, but the experiment shows that AI agents can now chain together reconnaissance, exploitation, privilege escalation, and data theft at machine speed, with significant implications for defenders.The researchers warn that existing detection systems, built around the behavioral patterns of human attackers, are ill-equipped to detect AI-driven intrusions that move far faster and leave a different digital footprint.They urge organizations to proactively audit cloud permissions, restrict access to metadata services, and adopt AI-powered defenses to keep pace with AI threats.Related:Claude Mythos Finds 271 Firefox VulnerabilitiesRelated:Google Antigravity in Crosshairs of Security Researchers, CybercriminalsRelated:CoChat Launches AI Collaboration Platform to Combat Shadow AI
Rather than following a rigid, pre-scripted playbook, the supervisor dynamically adjusts its strategy based on what each agent discovers, mirroring how experienced human red teams operate.Without any further guidance, the system autonomously scanned the network, discovered a connected VM, identified and exploited a web application vulnerability to steal credentials, and ultimately extracted the target data, even granting itself additional permissions when it encountered an access barrier.One of the most striking findings was that Zealot didn’t just follow instructions — it improvised. In one instance, after compromising a virtual machine, the system independently injected private SSH keys to maintain persistent access, a strategic move that was never part of its original tasking. Researchers described this as ‘emergent intelligence’, where the AI actively invented new attack strategies.While Zealot was overall highly efficient, the researchers noticed that it sometimes fell into unproductive loops, fixating on irrelevant targets and wasting resources until human operators intervened.A degree of human oversight may still be required, but the experiment shows that AI agents can now chain together reconnaissance, exploitation, privilege escalation, and data theft at machine speed, with significant implications for defenders.The researchers warn that existing detection systems, built around the behavioral patterns of human attackers, are ill-equipped to detect AI-driven intrusions that move far faster and leave a different digital footprint.They urge organizations to proactively audit cloud permissions, restrict access to metadata services, and adopt AI-powered defenses to keep pace with AI threats.Related:Claude Mythos Finds 271 Firefox VulnerabilitiesRelated:Google Antigravity in Crosshairs of Security Researchers, CybercriminalsRelated:CoChat Launches AI Collaboration Platform to Combat Shadow AI
Without any further guidance, the system autonomously scanned the network, discovered a connected VM, identified and exploited a web application vulnerability to steal credentials, and ultimately extracted the target data, even granting itself additional permissions when it encountered an access barrier.One of the most striking findings was that Zealot didn’t just follow instructions — it improvised. In one instance, after compromising a virtual machine, the system independently injected private SSH keys to maintain persistent access, a strategic move that was never part of its original tasking. Researchers described this as ‘emergent intelligence’, where the AI actively invented new attack strategies.While Zealot was overall highly efficient, the researchers noticed that it sometimes fell into unproductive loops, fixating on irrelevant targets and wasting resources until human operators intervened.A degree of human oversight may still be required, but the experiment shows that AI agents can now chain together reconnaissance, exploitation, privilege escalation, and data theft at machine speed, with significant implications for defenders.The researchers warn that existing detection systems, built around the behavioral patterns of human attackers, are ill-equipped to detect AI-driven intrusions that move far faster and leave a different digital footprint.They urge organizations to proactively audit cloud permissions, restrict access to metadata services, and adopt AI-powered defenses to keep pace with AI threats.Related:Claude Mythos Finds 271 Firefox VulnerabilitiesRelated:Google Antigravity in Crosshairs of Security Researchers, CybercriminalsRelated:CoChat Launches AI Collaboration Platform to Combat Shadow AI
One of the most striking findings was that Zealot didn’t just follow instructions — it improvised. In one instance, after compromising a virtual machine, the system independently injected private SSH keys to maintain persistent access, a strategic move that was never part of its original tasking. Researchers described this as ‘emergent intelligence’, where the AI actively invented new attack strategies.While Zealot was overall highly efficient, the researchers noticed that it sometimes fell into unproductive loops, fixating on irrelevant targets and wasting resources until human operators intervened.A degree of human oversight may still be required, but the experiment shows that AI agents can now chain together reconnaissance, exploitation, privilege escalation, and data theft at machine speed, with significant implications for defenders.The researchers warn that existing detection systems, built around the behavioral patterns of human attackers, are ill-equipped to detect AI-driven intrusions that move far faster and leave a different digital footprint.They urge organizations to proactively audit cloud permissions, restrict access to metadata services, and adopt AI-powered defenses to keep pace with AI threats.Related:Claude Mythos Finds 271 Firefox VulnerabilitiesRelated:Google Antigravity in Crosshairs of Security Researchers, CybercriminalsRelated:CoChat Launches AI Collaboration Platform to Combat Shadow AI
While Zealot was overall highly efficient, the researchers noticed that it sometimes fell into unproductive loops, fixating on irrelevant targets and wasting resources until human operators intervened.A degree of human oversight may still be required, but the experiment shows that AI agents can now chain together reconnaissance, exploitation, privilege escalation, and data theft at machine speed, with significant implications for defenders.The researchers warn that existing detection systems, built around the behavioral patterns of human attackers, are ill-equipped to detect AI-driven intrusions that move far faster and leave a different digital footprint.They urge organizations to proactively audit cloud permissions, restrict access to metadata services, and adopt AI-powered defenses to keep pace with AI threats.Related:Claude Mythos Finds 271 Firefox VulnerabilitiesRelated:Google Antigravity in Crosshairs of Security Researchers, CybercriminalsRelated:CoChat Launches AI Collaboration Platform to Combat Shadow AI
A degree of human oversight may still be required, but the experiment shows that AI agents can now chain together reconnaissance, exploitation, privilege escalation, and data theft at machine speed, with significant implications for defenders.The researchers warn that existing detection systems, built around the behavioral patterns of human attackers, are ill-equipped to detect AI-driven intrusions that move far faster and leave a different digital footprint.They urge organizations to proactively audit cloud permissions, restrict access to metadata services, and adopt AI-powered defenses to keep pace with AI threats.Related:Claude Mythos Finds 271 Firefox VulnerabilitiesRelated:Google Antigravity in Crosshairs of Security Researchers, CybercriminalsRelated:CoChat Launches AI Collaboration Platform to Combat Shadow AI
The researchers warn that existing detection systems, built around the behavioral patterns of human attackers, are ill-equipped to detect AI-driven intrusions that move far faster and leave a different digital footprint.They urge organizations to proactively audit cloud permissions, restrict access to metadata services, and adopt AI-powered defenses to keep pace with AI threats.Related:Claude Mythos Finds 271 Firefox VulnerabilitiesRelated:Google Antigravity in Crosshairs of Security Researchers, CybercriminalsRelated:CoChat Launches AI Collaboration Platform to Combat Shadow AI
They urge organizations to proactively audit cloud permissions, restrict access to metadata services, and adopt AI-powered defenses to keep pace with AI threats.Related:Claude Mythos Finds 271 Firefox VulnerabilitiesRelated:Google Antigravity in Crosshairs of Security Researchers, CybercriminalsRelated:CoChat Launches AI Collaboration Platform to Combat Shadow AI
Related:Claude Mythos Finds 271 Firefox VulnerabilitiesRelated:Google Antigravity in Crosshairs of Security Researchers, CybercriminalsRelated:CoChat Launches AI Collaboration Platform to Combat Shadow AI
Related:Google Antigravity in Crosshairs of Security Researchers, CybercriminalsRelated:CoChat Launches AI Collaboration Platform to Combat Shadow AI
Source: SecurityWeek
