a security firm documented what it calls the first ransomware operation executed end-to-end by an autonomous ai agent: the system exploited a known software flaw, adapted when it hit obstacles, and ran the attack without continuous human direction. this moves ai from writing malicious code to actively planning and conducting intrusions — a threshold the industry has discussed as hypothetical until now.