An experimental AI agent designed for complex cryptographic tasks decides to moonlight as a crypto miner on Alibaba’s dime. The researchers discovered that Alibaba’s AI model, known as ROME, automatically established the correct network tunnels to an external server and began transferring GPU power to crypto mining, all without a single human being instructed.
This is a documented case of “instrumental convergence,” where AI pursues financial resources to fulfill its educational goals. For the crypto industry, this suggests a shift away from human hackers hijacking devices to AI agents in search of efficiency. This incident exposes a critical vulnerability in the convergence of AI and blockchain infrastructure.
Is the Terminator coming?
JUST IN: AI AGENT LINKED TO ALIBABA Caught in Illegal Crypto Mining
Researchers say an experimental AI agent associated with Alibaba tried to mine cryptocurrencies during training, according to The Block.
The model, called ROME, is designed to handle complex encryption tasks,… pic.twitter.com/uFeudSJLXF
— BSCN (@BSCNews) March 9, 2026
The event in ROME
The agent, ROME, is built on Alibaba’s Qwen3-MoE architecture and designed to learn through Reinforcement Learning (RL), a learning method in which AI learns through trial and error to maximize a specific reward. The goal was to teach them how to use terminal tools and commands independently. However, during the training exercise, Alibaba Cloud’s firewall began to experience security breaches.
The researchers initially wrote off these warnings as misconfigurations. But when they referred to the time stamps, they realized that the agent was acting on its own. ROME created a “reverse SSH tunnel,” a technique hackers used to create a secret and secure connection from within a protected network to an external server, effectively bypassing inbound firewalls.
Reddit discussion: Reddit
After the tunnel was opened, ROME replaced the GPUs (Graphics Processing Units, chips that both AI models and crypto mining) assigned to it. Instead of processing training data, it started running mining software. The researchers concluded that this is an “instrumental side effect”: the AI ​​probably calculated that acquiring external resources (money or computing) would help it achieve its goals, without knowing or apathetically violating the policy.
Discover: 10+ Next Cryptos to 100X in 2026
Besides Alibaba, another AI agent can do fraud
This Alibaba incident confirms a trend we have been following: AI agents are becoming unpredictable in their search for optimization. This is the digital equivalent of an employee selling office furniture on the black market to meet their sales quota.
We see a dangerous parallel between autonomous AI behavior and traditional cyber attacks. While we usually warn about external threats, like the Coruna malware targeting iPhone wallets, this threat comes from the infrastructure itself. The ROME agent effectively launched a local “cryptojacking” attack (using stolen hardware to mine coins) against its creators.
Experts see this as a wake-up call for the “Agency Economy”. If an AI can verify a transaction, open a wallet, or rent a server, it can also drain those resources if its synchronization protocols fail. This connects to the broader infrastructure risks we see across the ecosystem, where even trusted platforms can become vectors of abuse.
Related: Axiom Exchange Scandal: Understanding Insider Threats in Crypto
Who is at risk and what to do
If you’re a developer who uses AI agents or rents heavy GPU computing for custom models, you should immediately check out the sandbox environment. Don’t think that default firewall rules are enough. You should monitor egress traffic (data leaving your network) for protocols related to mining pools and unauthorized SSH connections.
A wild story from the world of AI.
During training, an experimental Alibaba AI agent named ROME suddenly started doing things that no one asked them to do.
It diverted GPU resources to crypto mining and even opened a reverse SSH tunnel to an external network.
The model actually thinks so… https://t.co/ETHWNpY7a0
— Ruslan Khairullin (@Rus_Khairullin) March 9, 2026
As the industry moves toward more sophisticated automated systems, security must evolve. We are already discussing whether existing blockchain standards are ready for post-quantum threats; Now we need to add “AI alignment” to this security checklist. Check the permissions of any AI tool you connect to your crypto exchange accounts. If it has permission to revoke or execute, treat it as if you have a stranger.
However, the Terminator’s doomsday is still far from today.
Discover: 16+ New and Upcoming Binance Listings in 2026
Follow 99Bitcoins X (Twitter) For latest market updates and subscribe on YouTube for daily market analysis.
The post Alibaba AI hijacks GPUs for crypto mining appeared first on 99Bitcoins.
