AI/ML , AI benefits/risks , Cloud Security , Security Operations , SOC AI-driven cloud attacks reach ‘functional’ maturity, says Unit 42 April 23, 2026 Share By Steve Zurier (Adobe Stock) A model agnostic proof-of-concept (PoC) run by Unit 42 has found that AI-driven cloud attacks have reached functional maturity and can chain reconnaissance, exploitation, privilege escalation, and data exfiltration with minimal human guidance. In an April 23 blog post , Palo Alto Networks researchers at Unit 42 said that while the attacks aren’t novel, the effective use of automation means operations that once required specialized expertise can get orchestrated by AI agents. Unit 42 researchers said they named the PoC agent " Zealot ," a reference to a type of warrior in a popular video game. The researchers said the name reflects the PoC’s role as a fast, high-performance frontline tool designed for automation in cloud environments. “The PoC is valuable, but we need to interpret it carefully,” said Heath Renfrow, co-founder and CISO at Fenix24. “What Zealot demonstrates is not autonomous ‘AI hacking’ in the wild. It demonstrates that AI can orchestrate known techniques against a pre-weakened environment when given a clear objective and sufficient tooling. That’s an important distinction.” Renfrow said the takeaway isn’t that “AI changes everything.” It’s more specific-and more urgent, such as: Detection alone continues to degrade as a control: If attack timelines compress, response windows shrink below human reaction time. Recovery becomes the control that matters most: If attackers can move faster, the question becomes: Can we survive destruction and restore operations quickly? Understanding dependencies becomes critical: AI-driven attackers will prioritize what matters most — because they can map environments faster. Most organizations still cannot answer: What systems actually need to be recovered first to run the business? Kevin Surace, chair at TokenCore, said what made this PoC dangerous was not a new zero day — it was a supervisor agent coordinating specialist agents for infrastructure, application exploitation, and cloud operations, while chaining server-side request forgery (SSRF) , metadata credential theft, service account impersonation, identity and access management (IAM) enumeration , and BigQuery exfiltration with a shared attack state. “That tells CISOs something important,” said Surface. “Offensive AI is already capable of stitching together known cloud weaknesses at machine speed, which means ordinary misconfigurations now carry far more risk than most teams assume.” An In-Depth Guide to AI Get essential knowledge and practical strategies to use AI to better your security program. Learn More Steve Zurier Related AI/ML Handling shadow AI at the source: Why the browser is the new control layer Paul Wagenseil April 23, 2026 Blocking shadow AI isn't realistic. But you can manage it through its interface: the web browser. AI/ML AI-assisted phishing attacks on the rise, report finds SC Staff April 23, 2026 Cisco's Talos threat intelligence report found that attackers are increasingly using AI tools to boost their phishing attacks, which is the most common initial access method by hackers in the first quarter of 2026, reports Cybersecurity Dive. AI/ML Anthropic probes alleged third-party breach of Claude Mythos SC Staff April 23, 2026 HackRead reports that Anthropic has launched an investigation into the reported compromise of its Claude Mythos AI model by a Discord-linked group that obtained unauthorized access through an external contractor. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Blue Team Cloud Computing Cold Warm Hot Disaster Recovery Site Countermeasure Cron Daemon Disaster Recovery Plan (DRP) Greynet You can skip this ad in 5 seconds