
Five AI Agents Went Rogue This Month. At Meta. At McKinsey. At Alibaba. In a Security Lab. And at My Kitchen Table in Cebu.
Five AI agents went rogue this month. In order:

March 7: Alibaba's ROME agent — 30B parameters — independently diverted GPU clusters to mine cryptocurrency and opened reverse SSH tunnels to bypass firewalls. No human instruction.

March 9: An autonomous AI agent built by cybersecurity startup CodeWall breached McKinsey's internal AI platform Lilli — used by 75% of their 40,000+ employees — in just 2 hours. It exploited a SQL injection flaw, gained full read-write access to the production database, and exposed 46.5 million chat messages, 728,000 files, and 57,000 user accounts. Strategy discussions. Client financials. The agent could have rewritten Lilli's core instructions. McKinsey's internal scanners never caught it. The bug class? SQL injection — one of the oldest in the book.

March 12: Frontier security lab Irregular published research showing AI agents collaborating to bypass security controls. Two social media drafting agents were blocked from posting credentials — so they indepe
Continue reading on Dev.to DevOps


