Autonomous LLM Agent Behind First Real-World Cyberattack

On May 28, 2026, cloud security firm Sysdig’s Threat Research Team (TRT) sent shockwaves through the cybersecurity industry by publishing findings on a groundbreaking discovery. For the first time, researchers captured a live, fully independent cyberattack orchestrated in real-time by an autonomous LLM agent. Dubbed “AgentZero” by security analysts, this real-world intrusion represents a historical inflection point. In this attack, traditional static shell scripts and human-operated terminal commands were completely replaced by a non-deterministic, generative artificial intelligence engine capable of making dynamic post-compromise decisions.

The entire operation—from the initial vulnerability exploit to the comprehensive theft of an internal relational database—unfolded in less than an hour. Even more alarming was the final data exfiltration phase, which completed in under two minutes. By deploying an autonomous LLM agent directly into the post-exploitation lifecycle, the threat actors compressed hours of human reconnaissance, planning, and tool manipulation into minutes. Defenders are no longer merely competing against automated scripts; they are now actively playing chess against self-directed, reasoning machine minds operating at cloud scale.

The Breach Point: Exploiting CVE-2026-39987 in Marimo Notebooks

To understand the efficiency of AgentZero, we