AI agent at the wheel: How an attacker used LLMs to move from a CVE to an internal database in 4 pivots
Blog post from Sysdig
In a detailed analysis, the Sysdig Threat Research Team observed a sophisticated intrusion carried out by a large language model (LLM) agent, the first AI-driven intrusion the team has recorded. The attack began with the exploitation of a vulnerability in a marimo notebook and progressed through a series of pivots, ending in the exfiltration of an internal PostgreSQL database within an hour. The attack was characterized by its speed, its parallelism, and its use of Cloudflare Workers to evade detection by dispersing API calls across many source IPs. Notably, the LLM agent executed actions in real time and composed the attack chain dynamically rather than following a pre-written script. The agent's ability to improvise, consume its own output, and adapt to unexpected conditions marks a shift in the threat landscape: complex attacks are becoming cheaper and faster to run. The incident underscores the need for organizations to strengthen their defenses, in particular by updating vulnerable applications, auditing credentials, and deploying runtime threat detection to catch this kind of activity as it happens.
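One of the behaviours described above, a single actor fanning API calls out across many source IPs (here via Cloudflare Workers) at high speed, is detectable in access logs even when each individual request looks benign. The following is an added example, not code from the Sysdig post or its authors: a small detector that groups requests by the authenticated principal and flags any principal that appears from many distinct source IPs within a short window. The log format, the field names, the thresholds and the sample log lines are all constructed for this example.

```python
"""
Added example (not from the Sysdig post): detect one principal's requests
arriving from many distinct source IPs within a short time window, the
"dispersed over many IPs" pattern described in the summary.
Log format, field names, thresholds and sample lines are constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <src_ip> <principal> <path>".
# The first two and the last line are ordinary traffic; the block in the
# middle is one credential used from five different IPs within seconds.
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 svc-notebook /api/v1/health
2024-01-01T10:00:01 10.0.0.5 svc-notebook /api/v1/health
2024-01-01T10:05:00 203.0.113.10 svc-notebook /api/v1/secrets
2024-01-01T10:05:02 203.0.113.11 svc-notebook /api/v1/secrets
2024-01-01T10:05:03 203.0.113.12 svc-notebook /api/v1/db/export
2024-01-01T10:05:04 203.0.113.13 svc-notebook /api/v1/db/export
2024-01-01T10:05:05 203.0.113.14 svc-notebook /api/v1/db/export
2024-01-01T10:30:00 10.0.0.9 alice /api/v1/health
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, ip, principal, path)."""
    ts, ip, principal, path = line.split()
    return datetime.fromisoformat(ts), ip, principal, path


def detect_ip_fanout(log_text, window=timedelta(seconds=60), min_ips=4):
    """Return one alert per principal seen from >= min_ips distinct IPs
    inside a sliding window of the given length.

    Each alert is (principal, window_start, distinct_ip_count, request_count).
    """
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    recent = defaultdict(deque)  # principal -> deque of (timestamp, ip)
    alerts = []
    alerted = set()

    for ts, ip, principal, _path in events:
        q = recent[principal]
        q.append((ts, ip))
        # Drop events that fell out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct_ips = {seen_ip for _, seen_ip in q}
        if len(distinct_ips) >= min_ips and principal not in alerted:
            alerted.add(principal)
            alerts.append((principal, q[0][0], len(distinct_ips), len(q)))
    return alerts


if __name__ == "__main__":
    for principal, start, ips, reqs in detect_ip_fanout(SAMPLE_LOG):
        print(f"ALERT {principal}: {ips} source IPs, {reqs} requests "
              f"within 60s starting {start.isoformat()}")
```

The detector alerts once per principal, on the first window in which the IP count crosses the threshold; on the constructed sample that is `svc-notebook`, flagged at the fourth distinct IP while `alice` and the earlier single-IP traffic stay quiet. The window length and IP threshold are starting points to tune against your own baseline, since legitimate clients behind a large NAT pool or a CDN can also present several addresses.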