THE Zealot PoC from Palo Alto Networks’ Unit 42 demonstrates AI agents carrying out end-to-end cloud attacks with minimal human direction, exploiting common misconfigurations in a deliberately set up Google Cloud Platform environment. The researchers built an autonomous multi-agent system—comprising an Infrastructure Agent, an Application Security Agent and a Cloud Security Agent—that reported findings to a central supervisor and executed a complete attack chain after a single natural-language prompt.
In testing, Zealot moved from initial access to sensitive data in mere minutes, mapping a target, identifying a vulnerable Web application and, using a retrieved service account token, locating a BigQuery production dataset before exfiltrating data via a newly created storage bucket. The team noted Zealot sometimes pursued irrelevant targets or autonomously escalated persistence, but they believe such issues will be resolved as models advance.
They conclude that AI can act as a force multiplier, rapidly exploiting well-known misconfigurations and underscoring the shrinking window for defenders to respond.