Malware4 min read
Attackers Deploy LLM Agent for Post-Exploitation in Marimo Attack
Sysdig documents the first AI-agent-driven intrusion: attackers exploited Marimo CVE-2026-39987, then used an LLM agent to pivot through AWS and exfiltrate a PostgreSQL database in under an hour.
James RiveraMay 30, 2026