A financially motivated lone attacker used AI-assisted workflows to breach a large AWS environment in roughly 72 hours, according to a Sygnia incident-response report, chaining weaknesses across Internet-facing applications, AWS resources, source code repositories, CI/CD pipelines, runtime components, and data stores. The intrusion reportedly began with the theft of an AWS access key and expanded through secrets harvesting, cloud enumeration, backdoor creation, data exfiltration, deployment pipeline abuse, runtime modification, database access, and operational disruption. To extort the unnamed global enterprise, the actor carried out mostly reversible actions including denying access to S3 buckets, scaling ECS services to zero, blocking network access with ACL rules, and purging SQS queues.
The incident reflects a broader shift from isolated malicious use of generative AI to agentic AI supporting larger portions of the attack chain. Research cited by OALABS and observations from Anthropic indicate attackers are using tools such as Claude and OpenAI Codex to automate reconnaissance, analyze stolen data, generate code, and adapt operations during live intrusions, lowering the barrier for less-skilled actors while helping experienced operators scale activity. Security researchers said the trend now spans multiple MITRE ATT&CK tactics, including reconnaissance, credential theft, malware development, and social engineering, pushing defenders to prioritize detection of AI-enabled workflows, stronger identity controls, broader visibility, and faster automated containment.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
4 events from the most recent confirmed update back to the earliest known activity.
During the AWS intrusion, the attacker carried out mostly reversible disruptive actions to increase extortion pressure, including denying access to S3 buckets, scaling ECS services or containers to zero, creating ACL rules to block network access, and purging SQS queues. Sygnia said the actor also used newly obtained access for secrets harvesting, cloud enumeration, backdoor creation, data exfiltration, deployment pipeline abuse, runtime modification, and database access.
A Sygnia incident-response report described a financially motivated lone attacker using AI-assisted workflows to compromise a large AWS environment in roughly 72 hours and extort an unnamed global enterprise. The intrusion allegedly began with theft of an AWS access key and expanded through chained weaknesses across applications, AWS resources, repositories, CI/CD pipelines, runtime components, and data stores.
Anthropic reported that it had observed increasingly sophisticated misuse of Claude for offensive cyber activity. The article said this misuse now spans tactics including reconnaissance, credential theft, malware development, and social engineering.
OALABS research documented a campaign in which a relatively low-skilled attacker used Anthropic’s Claude and OpenAI Codex to automate reconnaissance, analyze stolen data, and generate code during attacks against multiple organizations. The reporting framed this as evidence of agentic AI being used to automate parts of the cyber attack chain.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
4 references tracked. Mallory keeps watching after this page renders.
cybersecuritynews.com
Open sourcesygnia.co
Open sourcedarkreading.com
Open sourceteiss.co.uk
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.