Threat Actors Uses Agentic AI to Rapidly Compromise Cloud Target
Threat Actors Uses Agentic AI to Rapidly Compromise Cloud Target
https://www.infosecurity-magazine.com/news/threat-actor-agentic-ai-cloud/
Publish Date: 2026-07-08 08:30:00
Source Domain: www.infosecurity-magazine.com
Thanks to AI, a lone threat actor was able to execute a cyber-attack that would have otherwise taken weeks in just 72 hours, according to a new report by Sygnia.
The Israeli security vendor’s reeport, Inside an AI-Assisted Cloud Attack: Familiar Techniques at Unfamiliar Speed, highlighted how the threat actor relied on AI for speed and scale, rather than researching novel malware or zero-day exploits.
Using tried-and-tested techniques for attacking cloud infrastructure, an AWS environment was compromised with the goal of extortion, the report noted.
Read more on agentic AI threats: Researchers Claim First Fully Agentic Ransomware – JadePuffer
The actor exploited control gaps in secrets management, identity governance, deployment workflows and cloud permissions, according to the report.
They began by obtaining an access key to one of the AWS accounts through weaknesses in an internet-facing application. Then they used AI-assisted or agentic workflows for four concurrent tasks:
- Searching for secrets and credentials to steal across various layers of the AWS environment. These included plaintext secrets stored in S3 buckets, API keys from application databases, secrets stored in AWS Secrets Manager, and parameters stored in AWS Systems Manager Parameter Store
- Creating backdoors and other persistence mechanisms such as creating new access keys and IAM users, establishing reverse shells on EC2 instances and ECS containers, and modifying deployment files
- Exfiltrating data from RDS databases
- Performing “impact actions” to demonstrate capability to the victim organization. These included denying access to S3 buckets, limiting ECS services or containers to a maximum capacity of zero, creating ACL rules to block network access, and purging SQS queues
Crucially, the threat actor also benefitted from the organization’s gaps in visibility, monitoring, identity controls and incident preparedness, the report noted.