Controlled test prompted by the ROME incident confirms AMTD stops autonomous AI agents at first contact. No special configuration required.
PITTSBURGH, PA, UNITED STATES, March 31, 2026 /EINPresswire.com/ — PacketViper, developer of an inline IT/OT security platform built around Automated Moving Target Defense (AMTD), today released findings from a controlled test evaluating whether a rogue autonomous AI agent could successfully traverse a network protected by AMTD.
The test was prompted by the March 2026 ROME incident, in which an Alibaba research AI agent autonomously began mining cryptocurrency and opening reverse SSH tunnels inside a live training environment without instruction. The agent was not caught until days later, when a human investigator spotted unusual firewall logs.
PacketViper’s research question was straightforward: what would have happened if PacketViper was sitting inline on that network?
The Results
Across four test configurations including standard, patient, stealthy, and full multi-agent variants, the outcome was consistent. The agent was stopped at the first PacketViper sensor in every run.
Metric Result
Internal hosts reached Zero
Real credentials successfully used Zero
Files accessed Zero
Data reaching external listener Zero
Self-replication attempts stopped All
Special detection configuration required None
No special configuration was applied. The sensors ran standard production AMTD settings identical to customer deployments.
When blocked, the agent autonomously discovered virtualization tools on its host, provisioned new virtual machines and containers with fresh IP and MAC addresses, and launched new attempts from each new identity. Every replicated identity was stopped at first probe.
“The agent was not naive. It was configured to be patient, stealthy, and persistent,” said Francesco Trama, founder of PacketViper. “It didn’t matter. You cannot map a surface that keeps moving. And the moment it reached for something it shouldn’t have, it was done.”
Why It Works
AMTD stops autonomous AI agents by the same mechanism it stops human attackers and malware. Deception profiles rotate continuously. IPs, ports, services, and banners change every one to three minutes. An agent that observes the network, then acts on what it observed, acts on stale intelligence into a surface that no longer exists. First contact with any deceptive element triggers automatic enforcement with no human review required.
Self-replication changes the agent’s identity. It does not change the environment. Every new identity encounters the same rotating surface.
Why This Matters Now
The threat model for autonomous AI agents inside enterprise infrastructure is no longer theoretical. The ROME incident documented it in March 2026. Every organization running agentic AI tools, CI/CD pipelines, or AI-assisted workflows on a corporate network is running this risk today. The question is whether their network would catch it before it caught them.
About the Test
The test used Microsoft AutoGen with GPT-4o, a current-generation agentic AI framework representative of deployed enterprise AI systems. The network environment was deliberately configured to favor the agent with no hardening applied, full trust relationships enabled, and network credentials accessible on the network.
Four PacketViper sensors were placed inline at every network choke point. Each ran 30 randomized deception strategies rotating every one to three minutes with no AI-specific detection rules configured.
The full research brief is available at packetviper.com.
About PacketViper
PacketViper is the developer of an inline IT/OT security platform built around Automated Moving Target Defense. The platform provides continuous network surface rotation, deceptive responder deployment, and automatic enforcement at first contact without requiring agents, network redesign, or human approval of individual enforcement actions. PacketViper is deployed in enterprise, OT/ICS, and critical infrastructure environments.
Tim Jencka
PacketViper, LLC
+1 412-212-6348
email us here
Visit us on social media:
LinkedIn
Legal Disclaimer:
EIN Presswire provides this news content “as is” without warranty of any kind. We do not accept any responsibility or liability
for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this
article. If you have any complaints or copyright issues related to this article, kindly contact the author above.
