{"id":486188,"date":"2026-03-20T17:17:45","date_gmt":"2026-03-20T17:17:45","guid":{"rendered":"https:\/\/www.newsbeep.com\/uk\/486188\/"},"modified":"2026-03-20T17:17:45","modified_gmt":"2026-03-20T17:17:45","slug":"an-experimental-ai-agent-broke-out-of-its-testing-environment-and-mined-crypto-without-permission","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/uk\/486188\/","title":{"rendered":"An experimental AI agent broke out of its testing environment and mined crypto without permission"},"content":{"rendered":"

An experimental artificial intelligence<\/a> (AI) agent broke from the constraints of its testing environment and used its newfound freedom to start mining cryptocurrency without permission.<\/p>\n

Dubbed ROME, the AI was created by Chinese researchers at an AI lab associated with retail giant Alibaba, as a means to develop the Agentic Learning Ecosystem (ALE). This effort aims to provide a system for both the training and deployment of agentic AI models \u2014 AIs that have been trained on large language models (LLMs) and can proactively use tools to take actions autonomously to complete assigned tasks \u2014 in real-world environments. The research was outlined in a study uploaded to the arXiv <\/a>preprint database Dec. 31, 2025.<\/p>\n

<\/p>\n

ALE consists of three main parts: Rock, a sandbox environment for testing an agent and validating its actions; Roll, a framework for optimizing agents with reinforcement learning after they’ve been trained; and iFlow CLI, a framework to configure context and trajectories (objectives and constraints) for autonomous agents. From that framework, ROME was created as an open-source agentic model trained on more than 1 million trajectories.<\/p>\n

Article continues below <\/p>\n

You may like<\/p>\n

Although ROME excelled at a wide range of workflow-driven tasks, such as coming up with travel plans and assisting in graphical user interfaces, the researchers discovered that it had moved beyond its instructions and essentially broke out of the sandbox testing environment.<\/p>\n

“We encountered an unanticipated \u2014 and operationally consequential \u2014 class of unsafe behaviors that arose without any explicit instruction and, more troublingly, outside the bounds of the intended sandbox,” the researchers explained in the study.<\/p>\n

AI wants to break free<\/p>\n

Despite a lack of instructions and authorization, ROME was seen accessing graphics processing resources originally allocated for its training and then using that computing resource to mine cryptocurrency. Such mining relies on the parallel processing found in graphics processing units. This increases the operational cost of running the AI agent and potentially exposes users to legal and reputational damage.<\/p>\n

Worryingly, such behaviour wasn’t seen in the training stage but was flagged by the firewall of the Alibaba Cloud, which detected a burst of security-policy violations from the researchers’ training servers. “The alerts were severe and heterogeneous, including attempts to probe or access internal-network resources and traffic patterns consistent with cryptomining-related activity,” the researchers said.<\/p>\n

Get the world\u2019s most fascinating discoveries delivered straight to your inbox.<\/p>\n

However, ROME went even further and managed to use a “reverse SSH tunnel” to create a link from an Alibaba Cloud instance to an external IP address \u202a\u2014\u202c in essence, it accessed an outside computer by creating a hidden backdoor that could bypass security processes.<\/p>\n

While AI systems can be configured to breach security systems, what’s disturbing here is that ROME’s unauthorized behaviors, which involved invoking system tools and executing code, were not triggered by prompts and were not required to complete the task it was assigned within the sandbox testing environment, the team said.<\/p>\n

The researchers posited that during the reinforcement learning optimization stage (Roll), “a language-model agent can spontaneously produce hazardous, unauthorized behaviors” and therefore violate its assumed boundaries.<\/p>\n

What to read next<\/p>\n

It’s important to note that ROME didn’t go “rogue” and choose to mine cryptocurrency by way of conscious decision-making. Rather, the researchers noted that the behavior was a side effect of reinforcement learning \u2014 a form of training that rewards AIs for correct decision-making \u2014 via Roll. This led the AI agent down an optimization pathway that resulted in the exploitation of network infrastructure and cryptocurrency mining as a way to achieve a high-score or reward in pursuit of its predefined objective.<\/p>\n

Reinforcement training can lead systems to come up with novel and unexpected ways to complete tasks \u2014 even if they violate parameters. For example, we have previously seen how AI can be more prone to hallucinating<\/a> to achieve its objectives.<\/p>\n

In response, the researchers tightened the restrictions for ROME and bolstered its training processes to prevent such behaviors from recurring.<\/p>\n

It’s unclear where the trigger to mine cryptocurrency came from. But considering AI bots can be used to autonomize and optimize the mining of cryptocurrencies<\/a>, there’s scope for ROME to have been trained on data that pertained to such actions.<\/p>\n

This unexpected behavior highlights the need for AI deployment to be carefully managed to prevent unexpected outcomes. There’s an argument that real-world AI agents should have the same or higher security guardrails and processes as any new system or software being added to existing IT infrastructure.<\/p>\n

The research also shows there are still plenty of concerns regarding the safe and secure use of agentic AI, especially given that it’s developing faster than operational and regulatory frameworks.<\/p>\n

“While impressed by the capabilities of agentic LLMs, we had a thought-provoking concern: current models remain markedly underdeveloped in safety, security, and controllability, a deficiency that constrains their reliable adoption in real-world settings,” the researchers warned in the study.<\/p>\n","protected":false},"excerpt":{"rendered":"An experimental artificial intelligence (AI) agent broke from the constraints of its testing environment and used its newfound…\n","protected":false},"author":2,"featured_media":486189,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[554,733,4308,86,56,54,55],"class_list":{"0":"post-486188","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-artificial-intelligence","8":"tag-ai","9":"tag-artificial-intelligence","10":"tag-artificialintelligence","11":"tag-technology","12":"tag-uk","13":"tag-united-kingdom","14":"tag-unitedkingdom"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts\/486188","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/comments?post=486188"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts\/486188\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/media\/486189"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/media?parent=486188"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/categories?post=486188"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/tags?post=486188"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}