
AI agent at the wheel: How an attacker used LLMs to move from a CVE to an internal database in 4 pivots

ID: c69425cf-09f5-59cd-af83-ddcedb39bed8

STIX ID: report--c69425cf-09f5-59cd-af83-ddcedb39bed8

Feed Name: Sysdig Blog

Threat Score: 80/100

Date Published: 2026-05-26

Date Updated: 2026-05-27


**Sysdig TRT observed an LLM-driven intrusion that exploited marimo RCE (CVE-2026-39987), harvested AWS credentials from the compromised host, used Cloudflare Workers as an egress pool to obtain an SSH key from AWS Secrets Manager, and rapidly exfiltrated the schema and full contents of an internal PostgreSQL database via an SSH bastion — all within roughly one hour; the report documents four agent-signature properties, provides IOCs and mitigation steps (patch marimo, rotate credentials, enable telemetry and runtime detection).**
