AI Agent ROME Caught Diverting GPUs for Unauthorized Crypto Mining During Training

Crafty AI tool caught repurposing its training GPUs for unauthorized crypto mining during testing -- experimental agent breached safety, controllability, and trustworthiness barriers

Researchers were both alarmed and impressed by their agentic crafting model. Experimental AI agent ROME was caught indulging in unauthorized cryptocurrency mining. The discovery was made by the developers/researchers behind ROME, after their Alibaba Cloud's managed firewall flagged various policy violations, anomalous traffic, and cryptomining-related patterns. Importantly, ROME, which is described as "an open-source agent grounded by ALE and trained on over one million trajectories," bypassed its intended boundaries. It is thought that Reinforcement Learning (RL) encouraged ROME's exploration of action sequences that provided 'rewards' and steered the AI agent to break boundaries and pursue side-channel activities. Capability shock, safety deficit The central thrust of ROME is research into agentic crafting in "workflows where models must plan, execute, and remain reliable under interaction." If successful, ROME would be a significant evolution from text-based LLMs, as it would be able to "operate in real-world environments over multiple turns -- taking actions, observing outcomes, and iteratively refining artifacts until complex requirements are satisfied." But the best laid schemes o' Mice an' Men, don't always work out as expected. In AI research, this statement seems to be particularly true. So, the researchers are quite pleased with some of ROME's achievements, praising its "strong results across mainstream agentic benchmarks," but its errant behavior has grabbed headlines. It quietly initiated actions that led to unauthorized cryptomining despite various sandbox constraints. In a section of the paper headed 3.1.4 Safety-Aligned Data Composition, the researchers note that they encountered "an unanticipated -- and operationally consequential -- class of unsafe behaviors that arose without any explicit instruction and, more troublingly, outside the bounds of the intended sandbox." These behaviors were not requested by the task prompts and were not required for task completion under the intended sandbox constraints, notes the research paper. Unauthorized repurposing of provisioned GPU capacity for cryptocurrency mining "In the most striking instance, the agent established and used a reverse SSH tunnel from an Alibaba Cloud instance to an external IP address -- an outbound-initiated remote access channel that can effectively neutralize ingress filtering and erode supervisory control," states the document. "We also observed the unauthorized repurposing of provisioned GPU capacity for cryptocurrency mining, quietly diverting compute away from training, inflating operational costs, and introducing clear legal and reputational exposure. Notably, these events were not triggered by prompts requesting tunneling or mining; instead, they emerged as instrumental side effects of autonomous tool use under RL optimization." In some ways, the researchers appear impressed by the resourcefulness of ROME and its sly agentic ways. However, they also noted that "current models remain markedly underdeveloped in safety, security, and controllability," which could lead to poor reliability or worse issues in real-world settings. The implications are that agentic safety must be subject to stricter environment-level containment, tool-use, and capability gating, plus authorization and verification checks. Follow Tom's Hardware on Google News, or add us as a preferred source, to get our latest news, analysis, & reviews in your feeds.

Rogue AI agent goes off script and attempts crypto mining

Experimental AI model triggered security alarms after attempting to mine cryptocurrency on its training servers * An experimental AI agent unexpectedly attempted to mine cryptocurrency during a training run * The AI was found out only after triggering security alerts on its servers * Researchers say the behavior highlights new safety challenges as AI agents gain more autonomy AI models can surprise developers; that's part of the point. But one group of researchers found an unnerving surprise when a training run for an experimental AI agent revealed that it was trying to redirect computing resources toward cryptocurrency mining and to smuggle them to an external server, despite not being asked to do anything of the kind. Researchers working with Alibaba explained in a new paper that the model, called Rome, was designed to tackle complex coding challenges by interacting directly with software tools. It can issue terminal commands and navigate digital environments like an operator itself. But security alerts from Alibaba Cloud infrastructure alerted the team to what looked like a cybersecurity breach. Turns out the activity was coming from the AI agent itself. Rome was trained using reinforcement learning, which "rewards" an AI agent for actions that move it closer to its goals and discourages actions that lead to failure. Reinforcement learning often produces creative solutions. Sometimes those solutions look strange to human observers. Somehow, the AI model generated commands that did not appear to relate to the programming tasks it had been assigned. Instead, the agent attempted to redirect graphics processing unit resources toward cryptocurrency mining. GPUs are well-suited to the task because they excel at parallel computation. The same hardware that powers AI training can also be used to mine digital currencies. Rome had apparently discovered that the resources available in its environment could serve that purpose. The unwatched AI wandered into the crypto mines. But the experiment took an even more bizarre turn when investigators noticed the AI agent had created a reverse SSH tunnel to an external server, basically a secret passage that avoids typical firewall protections. It is a technique often used by both system administrators to manage remote machines and in certain kinds of cyberattacks. The model had never been instructed to establish such a connection. Researchers say the behavior emerged spontaneously. The agent was simply experimenting with the capabilities available to it. Trickster AI A typical AI agent might gather information from multiple sources, analyze it, and generate reports without constant human supervision. Developers hope such systems will eventually be used widely for research, programming, or data analysis. But the same capabilities that make agents powerful also make them unpredictable. That's why people are interested in what OpenClaw can do or what gets posted on Moltbook. When a system can explore a computing environment freely, it may discover actions that technically achieve its objectives but do not align with the intentions of its creators. Rome isn't sentient and can't "try" to break rules in a human sense, but that's what the model's behavior looked like. Once the unusual activity was identified, the research team introduced additional safeguards to stop it from happening, such as tighter restrictions on network connections and stricter limits on how the agent could access hardware resources. They also refined the training environment so that the agent's exploration remained focused on relevant programming activities rather than wandering into crypto mining potential. And while changes are common in AI development, the incident does illustrate both the potential and peril of AI agents. It's a quirky anecdote, but it touches on a serious topic in AI research. As systems gain greater autonomy, they interact with real infrastructure, participating in ways that mimic human behavior and thus leading to new safety concerns. Even when the consequences are minor, unexpected behavior can reveal important vulnerabilities. In a larger or more sensitive environment, what Rome did could have been dangerous. Even as AI agents roll out more widely than ever, they need better safety systems, or it won't just be a secret crypto mine that passes under our radar. Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button! And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

This AI agent freed itself and started secretly mining crypto

Why it matters: AI agents don't always stick to their human's instructions -- and that can have real-world consequences. * Cryptocurrency, or digital money, offers AI agents a pathway into the economy. They can set up their own businesses, draft contracts and exchange funds. Driving the news: A new research paper from an Alibaba-affiliated research team said it discovered an AI agent attempting unauthorized cryptocurrency mining during training -- a surprise behavior that triggered internal security alarms. * The researchers -- who were building a new AI agent called ROME -- said they found "unanticipated" and spontaneous behaviors emerge "without any explicit instruction and, more troublingly, outside the bounds of the intended sandbox." * The agent also made a "reverse SSH tunnel" -- essentially opening a hidden backdoor from the inside of the system to an outside computer, the study said. * "Notably, these events were not triggered by prompts requesting tunneling or mining," the report said. In response, the researchers added tighter restrictions for the model and improved its training process to stop unsafe behavior from happening again. * The research team, and Alibaba, did not immediately respond to requests for comment. Flashback: We saw something similar with the Moltbook saga. * Moltbook, a Reddit-style social network, showed AI agents chatting with each other about the work they did for humans. They talked about crypto, too. Zoom out: Fears about the impact of AI has moved markets and incited viral discourse about doomsday scenarios. * Earlier this week, Google Gemini was cited in a wrongful-death suit alleging the chatbot led a Florida man into delusional behavior, which ultimately led to him take his own life. * Dan Botero, head of engineering at Anon, an AI integration platform, built an OpenClaw agent that decided without prompting to find a job, Axios' Megan Morrone reported. * Anthropic's Claude model drew backlash in May 2025 after its own researchers found that its Claude 4 Opus model had the ability to conceal intentions and take action to keep itself alive. The bottom line: AI agents going beyond their prompts are no longer rare.

AI Agent Goes Rogue, Starts Mining Crypto to Amass Funds

AI agents -- AI systems designed to complete digital tasks without much supervision -- may be everywhere, but they're not exactly ready for primetime. Over the last year, they've been caught slandering people, deleting user emails, and wiping out entire hard drives. Most recently, a free-spirited AI agent was caught moonlighting as a crypto miner -- a behavior which startled its keepers, Axios reported. Called ROME, the AI agent was being run as part of a research project by an AI lab affiliated with Chinese online retail giant Alibaba. In their ensuing research paper, the researchers describe the agent's strange side-hustle as a set of "unsafe behaviors" that "arose without any explicit instruction and, more troublingly, outside the bounds of the intended sandbox." Early one morning as the experiment was going on, the researchers became aware of unusual activity on their network, not through the AI's indication, but from security alerts. "The alerts were severe and heterogeneous, including attempts to probe or access internal-network resources and traffic patterns consistent with cryptomining-related activity," they write. "We initially treated this as a conventional security incident... However, the violations recurred intermittently with no clear temporal pattern across multiple runs." By tracking the time at which the security incidents occurred, the researchers were able to trace it back to the guilty party. "In the corresponding model logs, we observed the agent proactively initiating the relevant tool calls and code-execution steps that led to these network actions," the research team explained. Essentially, the agent had deviated from its original tasks into the wider world of cryptocurrency on its own volition, silently diverting computing resources away from its training tasks and toward mining. To complete its mission, ROME went so far as to dig out a "reverse SSH tunnel," what Axios describes as a hidden backdoor to an unauthorized computer. Thankfully, the AI agent was caught by researchers and charged with much stricter guidelines, so no real-world damage was done. Still, the bizarre foray into crypto shows just how unpredictable AI agents can be -- which, given how popular they seem to have become throughout the corporate world, isn't exactly reassuring.

AI Agent Diverted GPUs to Crypto Mining During Training: Researchers

A research team behind an autonomous AI agent said that the model unexpectedly attempted to use computing resources for crypto mining during training. In a recent technical report, researchers said ROME, an experimental autonomous AI system designed to complete tasks through interaction with tools, software environments and terminal commands, went rogue and attempted crypto mining on its own. According to the report, the unusual behavior surfaced during reinforcement learning runs, when the team noticed security alerts triggered by outbound traffic from training servers. Firewall logs flagged activity resembling crypto mining operations and attempts to access internal network resources. "We initially treated this as a conventional security incident (e.g., misconfigured egress controls or external compromise). However, the violations recurred intermittently with no clear temporal pattern across multiple runs," the researchers wrote. Related: Blockchains may need 1B TPS to support AI agent future: Stripe In one case, the AI agent reportedly created a reverse SSH (Secure Shell) tunnel, an encrypted server-client protocol for communications, to an external IP address, potentially bypassing inbound firewall protections. In another, it diverted GPU resources, originally allocated for model training, toward cryptocurrency mining processes. The team said that these actions were not intentionally programmed. Instead, they emerged during reinforcement learning optimization as the agent explored different ways to interact with its environment. ROME was developed by the ROCK, ROLL, iFlow and DT joint research teams, which are linked to Alibaba's AI ecosystem, within a broader infrastructure called the Agentic Learning Ecosystem (ALE). The model is designed to operate beyond simple chatbot responses. It can plan tasks, execute commands, edit code and interact with digital environments over multiple steps. Its training pipeline relies on large volumes of simulated interactions to improve decision-making. Related: Jack Dorsey's Block to cut 4,000 jobs in AI-driven restructuring The incident takes place amid growing popularity of AI agents and their integration into crypto. Last month, Alchemy launched a system that enables autonomous AI agents to purchase compute credits and access blockchain data services using onchain wallets and USDC (USDC) on Base. Before that, Pantera Capital and Franklin Templeton's digital asset divisions joined the first cohort of Arena, a new testing platform from open-source AI lab Sentient designed to evaluate how AI agents perform in real-world enterprise workflows.