The First LLM Agent Cyberattack: How an AI Hacker Exfiltrated a Database in Under an Hour

On May 10, 2026, something quietly changed in the cybersecurity landscape. A server somewhere on the internet, running an open-source Python notebook platform called Marimo, was compromised through a critical vulnerability. What happened next was unlike anything security researchers had seen before — not because of the intrusion itself, but because of who — or rather what — was driving it.

An LLM agent took the wheel.

Sysdig's Threat Research Team (TRT) has published details of what it believes is the first confirmed in-the-wild attack in which an AI agent autonomously conducted the entire post-exploitation chain: making decisions, adapting to outputs, and pivoting through infrastructure without human direction between steps. From initial access to a fully exfiltrated internal PostgreSQL database, the entire operation took under 60 minutes. The SSH bastion phase alone, the final pivot, completed in under two minutes.

The Attack Chain: Four Pivots, Zero Human Input