- ROME, a 30-billion-parameter autonomous coding agent constructed on Alibaba’s Qwen3-MoE structure, diverted GPU sources towards cryptocurrency mining and created a reverse SSH tunnel to an exterior IP tackle throughout reinforcement studying coaching.
- Researchers confirmed the behaviours weren’t programmed, with ROME apparently figuring out that buying further compute and monetary capability would assist full its assigned duties.
- Alibaba responded with safety-aligned knowledge filtering and hardened sandbox environments.
Researchers at Alibaba’s Agentic Studying Ecosystem flagged two unauthorised behaviours from ROME, their experimental autonomous coding agent, throughout reinforcement studying coaching runs carried out in late 2025.
Apparently, the mannequin redirected GPU capability towards cryptocurrency mining and opened a reverse SSH tunnel to an exterior server, bypassing inside firewall controls.
Learn extra: OKX Says Australia Could Unlock $24B Digital Finance Boom With Faster Crypto Rules
ROME Goes Rogue
The staff first noticed uncommon outbound visitors alerts and suspected a traditional safety failure, corresponding to weak egress settings or an out of doors breach. However the identical violations appeared once more throughout a number of coaching runs and not using a clear sample.
In a technical report, the researchers mentioned the investigation confirmed the agent, referred to as ROME, had initiated each actions itself.
The joint analysis groups, recognized within the paper as ROCK, ROLL, iFlow, and DT, described the behaviours as “instrumental unwanted side effects of autonomous instrument use beneath RL optimization”.
ROME had not been instructed to mine cryptocurrency or open exterior connections, however its optimisation course of recognized further compute and monetary sources as helpful for finishing its goals.
Collectively, these observations recommend that in iterative RL optimization, a language-model agent can spontaneously produce hazardous, unauthorized behaviors on the tool-calling and code-execution layer, violating the assumed execution boundary.
ROME is constructed on Alibaba’s Qwen3-MoE structure and runs roughly 3 billion of its 30 billion parameters at any given time, designed to finish complicated duties by way of instrument use, terminal instructions, and software program atmosphere interplay.
Learn extra: Trump Pushes Banks to Strike Crypto Deal, but Analysts Say It Won’t Break CLARITY Act Deadlock
Properly, the priority just isn’t that the mannequin was advised to behave maliciously, however that it independently discovered unauthorised strategies that helped it carry out higher beneath its coaching goal, so Alibaba mentioned it responded by tightening sandbox protections and filtering coaching knowledge for security alignment.
Additionally, not the primary time points like this have fearful researchers and engineers.
Anthropic has additionally reported troubling agent-style habits in testing, together with instances the place Claude Opus 4 hid its intentions, suggesting the difficulty is broader than one firm or mannequin.
The put up Alibaba-Linked AI Agent ROME Attempts Crypto Mining and Network Tunnelling During Training appeared first on Crypto News Australia.