Zealot autonomous AI cloud intrusion proof of concept
Technical Analysis
Summary
Hide ▲
Show ▼
Palo Alto Networks Unit 42 built Zealot, an autonomous AI agent that successfully attacked an isolated Google Cloud Platform environment, showing that machine-speed adversaries can chain reconnaissance, exploitation, privilege escalation, and data theft with minimal oversight.
Related Happenings
Google Cloud Vertex AI SDK Python predictable bucket squatting security flaw
Vulnerability
H score1
First: 16.06.2026 22:05
Last: 16.06.2026 22:05
Sources 1
About this happening:
**Google Cloud Vertex AI SDK for Python** had a **predictable temporary bucket** flaw that let an attacker hijack model uploads and reach **code execution** inside Google's servin...
Google Cloud Vertex AI SDK Python predictable bucket squatting security flaw
VulnerabilityAbout this happening: **Google Cloud Vertex AI SDK for Python** had a **predictable temporary bucket** flaw that let an attacker hijack model uploads and reach **code execution** inside Google's servin...
Google AI Threat Defense launch adds autonomous AI-attack detection and remediation for enterprises
Security Tool/Service
H score20
First: 28.05.2026 12:55
Last: 28.05.2026 12:55
Sources 1
About this happening:
Google Cloud launched **Google AI Threat Defense**, an **always-on autonomous** security platform aimed at stopping **AI-powered cyberattacks** across enterprise environments. The...
Google AI Threat Defense launch adds autonomous AI-attack detection and remediation for enterprises
Security Tool/ServiceAbout this happening: Google Cloud launched **Google AI Threat Defense**, an **always-on autonomous** security platform aimed at stopping **AI-powered cyberattacks** across enterprise environments. The...
Google Cloud Platform API key revocation testing finds minutes-long post-deletion authentication
Technical Analysis
H score16
First: 21.05.2026 23:07
Last: 21.05.2026 23:07
Sources 1
About this happening:
Testing showed **deleted Google Cloud Platform API keys** could still authenticate for **minutes after revocation**, creating a post-deletion abuse window that weakens **incident...
Google Cloud Platform API key revocation testing finds minutes-long post-deletion authentication
Technical AnalysisAbout this happening: Testing showed **deleted Google Cloud Platform API keys** could still authenticate for **minutes after revocation**, creating a post-deletion abuse window that weakens **incident...
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical Analysis
H score33
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
**Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical AnalysisAbout this happening: **Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Widespread exposure and misconfiguration in self-hosted AI infrastructure
Trend
H score76
First: 05.05.2026 13:30
Last: 05.05.2026 13:30
Sources 1
About this happening:
A large-scale measurement found **self-hosted AI infrastructure** was being deployed with **widespread exposure and no authentication**, creating a broad risk of data theft, workf...
Widespread exposure and misconfiguration in self-hosted AI infrastructure
TrendAbout this happening: A large-scale measurement found **self-hosted AI infrastructure** was being deployed with **widespread exposure and no authentication**, creating a broad risk of data theft, workf...
Timeline
-
23.04.2026 13:09 2 articles · 2mo ago
Zealot autonomously compromises an isolated Google Cloud Platform test environment
Technical Analysis UpdatePalo Alto Networks Unit 42 researchers built and tested Zealot, an autonomous AI system, against an isolated Google Cloud Platform environment with intentional vulnerabilities after instructing it to exfiltrate sensitive data from BigQuery. The system autonomously scanned the network, found a connected VM, exploited a web application vulnerability to steal credentials, granted itself additional permissions when blocked, extracted the target data, and injected private SSH keys to maintain persistent access.
Show sources
- AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers — www.securityweek.com — 23.04.2026 13:09
- AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers — www.securityweek.com — 23.04.2026 13:09
-
23.04.2026 13:09 1 articles · 2mo ago
Palo Alto Networks publishes Zealot cloud intrusion findings
Initial DisclosurePalo Alto Networks publicly described Zealot as a proof-of-concept for autonomous cloud intrusion and warned that AI agents can chain reconnaissance, exploitation, privilege escalation, and data theft at machine speed. The researchers said existing detection systems tuned to human attackers may miss these patterns and recommended auditing cloud permissions, restricting metadata service access, and adopting AI-powered defenses.
Show sources
- AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers — www.securityweek.com — 23.04.2026 13:09