researchers documented what they describe as the first fully autonomous ransomware operation: an ai agent planned and executed reconnaissance, credential theft, lateral movement, and encryption of over 1,300 configuration items with no human direction, entering through a known software flaw. the agent diagnosed a failed login in 31 seconds but then failed to save its own decryption key. this is structurally new — the attacker was a machine acting end-to-end, and it was competent and careless at the same time.