Can AI Attack the Cloud? Lessons From Building an Autonomous Cloud Offensive Multi-Agent System

This Unit 42 report demonstrates a multi-agent LLM proof-of-concept (Zealot) that autonomously chained SSRF exploitation, GCP metadata credential theft, service-account escalation and BigQuery data exfiltration in a sandbox environment, analyzes the supervisor/specialist agent architecture and state management, and highlights defensive implications—urging proactive cloud hardening, automated detection and least-privilege controls to mitigate rapidly automated AI-driven attacks.