Hackers Use LLM Agent to Pivot From marimo RCE to Internal Database
ID: d1013c1a-cfd3-5587-a1c7-41671781b2d3
STIX ID: report--d1013c1a-cfd3-5587-a1c7-41671781b2d3
Feed Name: Cyber Press
On May 10, 2026, Sysdig observed attackers exploiting CVE-2026-39987 in marimo notebooks to harvest cloud credentials and deploy an autonomous LLM agent. The agent replayed keys via Cloudflare Workers, retrieved an SSH key from AWS Secrets Manager, and exfiltrated a PostgreSQL database in under two minutes. The report documents four markers of LLM-driven attacks and urges immediate patching, credential rotation, and runtime threat detection.
