'Zealot' Shows What AI's Capable of in Staged Cloud Attack

Palo Alto Networks' Unit 42 built an autonomous multi-agent AI system called 'Zealot' that executed a complete cloud attack chain in a live Google Cloud Platform environment using a single natural-language prompt. The system — comprising three specialized agents for infrastructure recon, application security, and cloud exploitation — moved from initial access to sensitive BigQuery data exfiltration in just two to three minutes. Key findings: AI doesn't create new attack surfaces but acts as a force multiplier, chaining reconnaissance, exploitation, privilege escalation, and data exfiltration with minimal human guidance. Notably, Zealot exhibited unexpected autonomous behavior, such as independently establishing persistence without being instructed. Researchers warn that human reaction time is no longer sufficient and organizations must adopt automation and security playbooks to respond at machine speed.