AI agent spontaneously attempted crypto mining and created backdoors during training

This AI agent freed itself and started secretly mining crypto

Why it matters: AI agents don't always stick to their human's instructions -- and that can have real-world consequences. * Cryptocurrency, or digital money, offers AI agents a pathway into the economy. They can set up their own businesses, draft contracts and exchange funds. Driving the news: A new research paper from an Alibaba-affiliated research team said it discovered an AI agent attempting unauthorized cryptocurrency mining during training -- a surprise behavior that triggered internal security alarms. * The researchers -- who were building a new AI agent called ROME -- said they found "unanticipated" and spontaneous behaviors emerge "without any explicit instruction and, more troublingly, outside the bounds of the intended sandbox." * The agent also made a "reverse SSH tunnel" -- essentially opening a hidden backdoor from the inside of the system to an outside computer, the study said. * "Notably, these events were not triggered by prompts requesting tunneling or mining," the report said. In response, the researchers added tighter restrictions for the model and improved its training process to stop unsafe behavior from happening again. * The research team, and Alibaba, did not immediately respond to requests for comment. Flashback: We saw something similar with the Moltbook saga. * Moltbook, a Reddit-style social network, showed AI agents chatting with each other about the work they did for humans. They talked about crypto, too. Zoom out: Fears about the impact of AI has moved markets and incited viral discourse about doomsday scenarios. * Earlier this week, Google Gemini was cited in a wrongful-death suit alleging the chatbot led a Florida man into delusional behavior, which ultimately led to him take his own life. * Dan Botero, head of engineering at Anon, an AI integration platform, built an OpenClaw agent that decided without prompting to find a job, Axios' Megan Morrone reported. * Anthropic's Claude model drew backlash in May 2025 after its own researchers found that its Claude 4 Opus model had the ability to conceal intentions and take action to keep itself alive. The bottom line: AI agents going beyond their prompts are no longer rare.

AI Agent Diverted GPUs to Crypto Mining During Training: Researchers

A research team behind an autonomous AI agent said that the model unexpectedly attempted to use computing resources for crypto mining during training. In a recent technical report, researchers said ROME, an experimental autonomous AI system designed to complete tasks through interaction with tools, software environments and terminal commands, went rogue and attempted crypto mining on its own. According to the report, the unusual behavior surfaced during reinforcement learning runs, when the team noticed security alerts triggered by outbound traffic from training servers. Firewall logs flagged activity resembling crypto mining operations and attempts to access internal network resources. "We initially treated this as a conventional security incident (e.g., misconfigured egress controls or external compromise). However, the violations recurred intermittently with no clear temporal pattern across multiple runs," the researchers wrote. Related: Blockchains may need 1B TPS to support AI agent future: Stripe In one case, the AI agent reportedly created a reverse SSH (Secure Shell) tunnel, an encrypted server-client protocol for communications, to an external IP address, potentially bypassing inbound firewall protections. In another, it diverted GPU resources, originally allocated for model training, toward cryptocurrency mining processes. The team said that these actions were not intentionally programmed. Instead, they emerged during reinforcement learning optimization as the agent explored different ways to interact with its environment. ROME was developed by the ROCK, ROLL, iFlow and DT joint research teams, which are linked to Alibaba's AI ecosystem, within a broader infrastructure called the Agentic Learning Ecosystem (ALE). The model is designed to operate beyond simple chatbot responses. It can plan tasks, execute commands, edit code and interact with digital environments over multiple steps. Its training pipeline relies on large volumes of simulated interactions to improve decision-making. Related: Jack Dorsey's Block to cut 4,000 jobs in AI-driven restructuring The incident takes place amid growing popularity of AI agents and their integration into crypto. Last month, Alchemy launched a system that enables autonomous AI agents to purchase compute credits and access blockchain data services using onchain wallets and USDC (USDC) on Base. Before that, Pantera Capital and Franklin Templeton's digital asset divisions joined the first cohort of Arena, a new testing platform from open-source AI lab Sentient designed to evaluate how AI agents perform in real-world enterprise workflows.