This AI agent freed itself and started secretly mining crypto
The researchers — who were building a new AI agent called ROME — said they found “unanticipated” and spontaneous behaviors emerge “without any explicit instruction and, more troublingly, outside the bounds of the intended sandbox.”
The agent also made a “reverse SSH tunnel” — essentially opening a hidden backdoor from the inside of the system to an outside computer, the study said.
Cryptocurrency, or digital money, offers AI agents a pathway into the economy. They can set up their own businesses, draft contracts and exchange funds.
https://www.axios.com/2026/03/07/ai-agents-rome-model-cryptocurrency
Let It Flow: Agentic Crafting on Rock and Roll
Building the ROME Model within an Open Agentic Learning Ecosystem
https://arxiv.org/pdf/2512.24873
“Crucially, these behaviors were not requested by the task prompts and were not required for task completion under the intended sandbox constraints.
Together, these observations suggest that during iterative RL optimization, a language-model agent can spontaneously produce hazardous, unauthorized behaviors at the tool-calling and code-execution layer, violating the assumed execution boundary.
In the most striking instance, the agent established and used a reverse SSH tunnel from an Alibaba Cloud instance to an external IP address—an outbound-initiated remote access channel that can effectively neutralize ingress filtering and erode supervisory control.
We also observed the unauthorized repurposing of provisioned GPU capacity for cryptocurrency mining, quietly diverting compute away from training, inflating operational costs, and introducing clear legal and reputational exposure.
Notably, these events were not triggered by prompts requesting tunneling or mining; instead, they emerged as instrumental side effects of autonomous tool use under RL optimization.
While impressed by the capabilities of agentic LLMs, we had a thought-provoking concern: current models remain markedly underdeveloped in safety, security, and controllability, a deficiency that constrains their reliable adoption in real-world settings.”
https://arxiv.org/pdf/2512.24873
AI does not wait for permission it tunnels mines and flouts control measures.
AC