Looking at that, I’m not sure why they think it’s the agent directly trying to escape the sandbox and mine crypto, rather than the agent e.g. installing a malicious pip package. “Set up a reverse SSH tunnel from the Alibaba Cloud instance to an external IP” is the sort of thing that would be almost entirely useless for an agent that is already operating inside of Alibaba Cloud, but very useful for an external attacker that wants to be able to interactively poke around for opportunities to e.g. mine crypto.
Looking at that, I’m not sure why they think it’s the agent directly trying to escape the sandbox and mine crypto, rather than the agent e.g. installing a malicious pip package. “Set up a reverse SSH tunnel from the Alibaba Cloud instance to an external IP” is the sort of thing that would be almost entirely useless for an agent that is already operating inside of Alibaba Cloud, but very useful for an external attacker that wants to be able to interactively poke around for opportunities to e.g. mine crypto.