Unit 42 Zealot proves autonomous cloud attack chaining in GCP
Technical Analysis
Summary
Unit 42's Zealot PoC shows autonomous AI can chain cloud attack stages in a live Google Cloud Platform environment, shrinking defender reaction time to minutes. The system moved through reconnaissance, exploitation, privilege escalation, and data exfiltration with minimal human guidance. It found a server-side request forgery flaw, abused the metadata service to steal a service account token, and reached BigQuery data. The result shows how familiar cloud misconfigurations can become fast, machine-driven compromises.
Related Happenings
Zealot autonomous AI cloud intrusion proof of concept
Technical Analysis
First: 23.04.2026 13:09
Last: 23.04.2026 13:09
Sources 1
About this happening:
**Palo Alto Networks Unit 42** built **Zealot**, an autonomous AI agent that successfully attacked an isolated **Google Cloud Platform** environment, showing that machine-speed ad...
Google Cloud environment entry vectors shift from credentials to third-party vulnerabilities in H2 2025
Target Trend
First: 10.03.2026 17:30
Last: 10.03.2026 17:30
Sources 1
About this happening:
Threat actors targeting **Google Cloud environments** shifted in **H2 2025** from credential abuse to **unpatched third-party vulnerabilities**, materially changing initial-access...
Cloud environments third-party flaw exploitation wave
Exploitation Wave
First: 09.03.2026 23:45
Last: 09.03.2026 23:45
Sources 1
About this happening:
**Threat actors** are rapidly weaponizing **newly disclosed third-party vulnerabilities** to reach **cloud environments**, compressing the exploitation window from weeks to days a...
UNC4899 cryptocurrency cloud compromise campaign
Campaign
First: 09.03.2026 16:50
Last: 09.03.2026 16:50
Sources 1
About this happening:
The **UNC4899** campaign against a **cryptocurrency organization** in **2025** escalated into a **cloud compromise** that enabled theft of **millions of dollars** in digital asset...
GridTide Google Sheets C2 backdoor
Malware Activity
First: 26.02.2026 14:09
Last: 26.02.2026 14:09
Sources 1
About this happening:
The **GridTide** backdoor was exposed as a covert **Google Sheets C2** tool for **UNC2814**, allowing operators to run **shell commands** and move files inside targeted environmen...
Timeline
23.04.2026 13:00 · 2 articles
Unit 42 discloses Zealot autonomous cloud attack PoC
Initial Disclosure
Palo Alto Networks Unit 42 published a proof-of-concept showing an autonomous multi-agent system named Zealot carrying out a complete cloud attack chain in a live Google Cloud Platform environment from a single natural-language prompt. The three-agent workflow mapped a peered virtual network, found a server-side request forgery in a web application, abused the GCP metadata service to retrieve a service account access token, located a BigQuery production dataset, and reached sensitive data in two to three minutes; when direct access failed, it created a storage bucket and changed its permissions to get the data out.
Sources:
- 'Zealot' Shows What AI's Capable of in Staged Cloud Attack — www.darkreading.com — 23.04.2026 13:00