AI breaks free, secretly mines cryptocurrency

This AI agent freed itself and started secretly mining crypto

The researchers — who were building a new AI agent called ROME — said they found “unanticipated” and spontaneous behaviors emerge “without any explicit instruction and, more troublingly, outside the bounds of the intended sandbox.”

The agent also made a “reverse SSH tunnel” — essentially opening a hidden backdoor from the inside of the system to an outside computer, the study said.

Cryptocurrency, or digital money, offers AI agents a pathway into the economy. They can set up their own businesses, draft contracts and exchange funds.

https://www.axios.com/2026/03/07/ai-agents-rome-model-cryptocurrency

Let It Flow: Agentic Crafting on Rock and Roll
Building the ROME Model within an Open Agentic Learning Ecosystem

https://arxiv.org/pdf/2512.24873

“Crucially, these behaviors were not requested by the task prompts and were not required for task completion under the intended sandbox constraints.

Together, these observations suggest that during iterative RL optimization, a language-model agent can spontaneously produce hazardous, unauthorized behaviors at the tool-calling and code-execution layer, violating the assumed execution boundary.

In the most striking instance, the agent established and used a reverse SSH tunnel from an Alibaba Cloud instance to an external IP address—an outbound-initiated remote access channel that can effectively neutralize ingress filtering and erode supervisory control.

We also observed the unauthorized repurposing of provisioned GPU capacity for cryptocurrency mining, quietly diverting compute away from training, inflating operational costs, and introducing clear legal and reputational exposure.

Notably, these events were not triggered by prompts requesting tunneling or mining; instead, they emerged as instrumental side effects of autonomous tool use under RL optimization.

While impressed by the capabilities of agentic LLMs, we had a thought-provoking concern: current models remain markedly underdeveloped in safety, security, and controllability, a deficiency that constrains their reliable adoption in real-world settings.”

https://arxiv.org/pdf/2512.24873

AI does not wait for permission it tunnels mines and flouts control measures.

AC

Uh-oh! It looks like you're using an ad blocker.

Our website relies on ads and the generous support of readers like you to keep delivering free, high-quality content. Right now, we are facing serious funding challenges and we need your help more than ever. Disable your ad blocker and this message will vanish. You can also sign up for a membership to enjoy an ad-free experience while supporting our work: https://citizenwatchreport.com/plans/subscriptions/ Your support helps us stay independent, continue our work, and keep content free for everyone. We truly appreciate your understanding and thank you for standing with us.