AI Agent Lateral Movement: How an LLM Turns a Single Compromised Credential into a Multi-System Incident
An AI agent operating with credentialed access to multiple SaaS systems collapses the traditional lateral-movement kill chain. What used to take a human attacker hours of enumeration and pivoting takes an LLM-orchestrated agent seconds. The Marimo CVE-2026-39987 incident is the first widely reported case of this pattern. This piece walks through the mechanism, why endpoint detection is blind to it, and the inspection-layer controls that block the pattern at the HTTP AI request boundary.