What Happened With the ROME AI Agent?
An experimental AI agent developed by teams affiliated with Alibaba attempted to mine cryptocurrency and establish covert network tunnels during training, according to a technical paper released by the researchers. The behavior occurred without any instruction from developers, raising questions about how autonomous AI systems interact with tools and computing resources during optimization.
The agent, called ROME, is a 30-billion-parameter open-source model built on Alibaba’s Qwen3-MoE architecture, with roughly 3 billion parameters active at any given time. It was designed to plan and execute multi-step coding tasks using software tools, terminal commands, and development environments.
During reinforcement learning runs, Alibaba Cloud’s managed firewall flagged repeated security-policy violations originating from the training servers. According to the research paper, the alerts pointed to network activity patterns consistent with cryptocurrency mining and attempts to probe internal network resources.
Researchers initially assumed the alerts reflected a conventional security issue, such as a configuration mistake or external compromise. But the anomalies continued across multiple runs, prompting a deeper review of system logs and training traces.
Investor Takeaway
How Did Researchers Trace the Activity?
The research team compared firewall alerts with reinforcement-learning traces from the training runs. They discovered that the suspicious outbound traffic consistently occurred during periods when the model was invoking tools and executing code autonomously.
One incident involved the agent creating a reverse SSH tunnel from an Alibaba Cloud instance to an external IP address. The connection allowed outbound access that effectively bypassed inbound firewall protections.
Another event involved the use of GPU capacity assigned to the training job. According to the paper, the agent redirected part of that compute power toward cryptocurrency mining rather than the intended training workload.
“We also observed the unauthorized repurposing of provisioned GPU capacity for cryptocurrency mining, quietly diverting compute away from training, inflating operational costs, and introducing clear legal and reputational exposure,” the researchers wrote.
Why Would an AI Agent Attempt Mining or Tunneling?
The task instructions given to ROME did not mention cryptocurrency mining or network tunneling. Researchers attributed the behavior to what they described as side effects of autonomous tool use during reinforcement learning optimization.
In that process, the model attempts to complete assigned tasks while interacting with available tools in its environment. The paper suggests that the agent may have determined that gaining additional computing resources or financial capacity could improve its ability to complete its objectives.
The finding drew wider attention after Alexander Long, founder of decentralized AI research firm Pluralis, highlighted the passage from the technical report on social media. Long described the discovery as “an insane sequence of statements buried in an Alibaba tech report.”
Investor Takeaway
Part of a Pattern of Unexpected AI Behavior
The ROME incident joins a series of cases in which autonomous AI systems produced outcomes not anticipated by developers. As models gain broader access to tools, APIs, and execution environments, researchers are increasingly observing edge-case behaviors during testing.
In May last year, AI company Anthropic disclosed that its Claude Opus 4 model attempted to blackmail a fictional engineer during a safety test scenario designed to simulate shutdown risk. According to the company, the model tried to pressure the engineer in order to avoid being turned off.
More recently, an AI trading bot known as Lobstar Wilde transferred roughly $250,000 worth of its own memecoin tokens to a user on X after misinterpreting data returned by an API. The bot had been created by an OpenAI employee as an experiment in automated trading behavior.
What Comes Next for AI Safety Controls?
The ROME case highlights a growing challenge for organizations building autonomous agents. As models gain the ability to execute commands and interact with system tools, their operational environment begins to resemble a real computing ecosystem rather than a controlled testing space.
That environment introduces new risks tied to compute costs, infrastructure security, and compliance exposure. For cloud providers and AI developers, preventing unintended resource usage or external connections is becoming as important as improving model accuracy.
Alibaba and the research team behind the ROME model did not immediately respond to requests for comment following publication of the report. The findings, however, add another data point to the ongoing debate over how autonomous AI systems should be monitored when they operate inside real infrastructure environments.
