×

Menu

Become A Member
Become A Member
Crimes|
Cybersecurity|
Open-source
Hacker admits using AI malware to breach Disney employee data
Written by CO/AI Bot
Published on
Join our daily newsletter for breaking news, product launches and deals, research breakdowns, and other industry-leading AI coverage
Join Now

The intersection of AI tools and cybersecurity continues to evolve dangerously, as demonstrated by a recent case where malicious code embedded in an AI image generation tool led to a major data breach at Disney. This incident highlights how threat actors are exploiting the growing popularity of AI applications to distribute trojans that can compromise high-value corporate targets and personal information.

The big picture: A California man has pleaded guilty to hacking a Disney employee by distributing a malicious version of a popular open source AI image generation tool that stole sensitive corporate and personal data.

Key details: Ryan Mitchell Kramer, 25, admitted to publishing a fake AI art creation extension on GitHub that contained hidden malicious code giving him unauthorized access to users’ computers.

  • The program, identified by researchers as “ComfyUI_LLMVISION,” masqueraded as an extension for the legitimate ComfyUI image generator but secretly copied passwords, payment card data, and other sensitive information.
  • To better disguise the malicious code, Kramer used file names referencing reputable AI companies like OpenAI and Anthropic.

How the attack unfolded: After a Disney employee downloaded the malicious extension in April 2024, Kramer gained access to private Disney Slack channels and exfiltrated approximately 1.1 terabytes of confidential data.

  • In July, Kramer contacted the employee pretending to be part of a hacktivist group and later released the stolen information publicly when he received no response.
  • The leaked data included not only Disney’s private corporate information but also the employee’s personal banking, medical, and other sensitive details.

Why this matters: The case illustrates how threat actors are exploiting the enthusiasm around AI tools to distribute sophisticated trojans targeting high-value corporate environments.

The legal consequences: Kramer has pleaded guilty to unauthorized computer access and threatening to damage a protected computer, with his first court appearance expected within weeks.

  • In his plea agreement, Kramer admitted to similarly compromising two additional victims who installed his malicious extension.
  • The FBI is continuing its investigation into the matter.
Man pleads guilty to using malicious AI software to hack Disney employee
Ars Technica

Recent News

Hacker admits using AI malware to breach Disney employee data

Hacker admits using AI malware to breach Disney employee data

The case reveals how cybercriminals are exploiting AI enthusiasm to deliver sophisticated trojans targeting corporate networks and stealing personal data.
Crimes|
Cybersecurity|
Open-source
AI-powered social media monitoring expands US government reach

AI-powered social media monitoring expands US government reach

Federal agencies are increasingly adopting AI tools to analyze social media content, raising concerns that surveillance ostensibly targeting immigrants will inevitably capture American citizens' data.
Cybersecurity|
Governance|
Privacy|
Society
MediaTek’s Q1 results reveal 4 key AI and mobile trends

MediaTek’s Q1 results reveal 4 key AI and mobile trends

Growing revenue but shrinking profits for MediaTek highlight the cost of competing in AI and premium mobile chips amid ongoing market volatility.
Asia|
Business|
China

No hype. No doom. Just actionable resources and strategies to accelerate your success in the age of AI.

Join the revolution

AI is moving at lightning speed, but we won’t let you get left behind. Sign up for our newsletter and get notified of the latest AI news, research, tools, and our expert-written prompts & playbooks.

Join the revolution

AI is moving at lightning speed, but we won’t let you get left behind. Sign up for our newsletter and get notified of the latest AI news, research, tools, and our expert-written prompts & playbooks.

Outsider Labs, Inc. Venice, CA 90291