The intersection of AI tools and cybersecurity continues to evolve dangerously, as demonstrated by a recent case where malicious code embedded in an AI image generation tool led to a major data breach at Disney. This incident highlights how threat actors are exploiting the growing popularity of AI applications to distribute trojans that can compromise high-value corporate targets and personal information.
The big picture: A California man has pleaded guilty to hacking a Disney employee by distributing a malicious version of a popular open source AI image generation tool that stole sensitive corporate and personal data.
Key details: Ryan Mitchell Kramer, 25, admitted to publishing a fake AI art creation extension on GitHub that contained hidden malicious code giving him unauthorized access to users’ computers.
- The program, identified by researchers as “ComfyUI_LLMVISION,” masqueraded as an extension for the legitimate ComfyUI image generator but secretly copied passwords, payment card data, and other sensitive information.
- To better disguise the malicious code, Kramer used file names referencing reputable AI companies like OpenAI and Anthropic.
How the attack unfolded: After a Disney employee downloaded the malicious extension in April 2024, Kramer gained access to private Disney Slack channels and exfiltrated approximately 1.1 terabytes of confidential data.
- In July, Kramer contacted the employee pretending to be part of a hacktivist group and later released the stolen information publicly when he received no response.
- The leaked data included not only Disney’s private corporate information but also the employee’s personal banking, medical, and other sensitive details.
Why this matters: The case illustrates how threat actors are exploiting the enthusiasm around AI tools to distribute sophisticated trojans targeting high-value corporate environments.
The legal consequences: Kramer has pleaded guilty to unauthorized computer access and threatening to damage a protected computer, with his first court appearance expected within weeks.
- In his plea agreement, Kramer admitted to similarly compromising two additional victims who installed his malicious extension.
- The FBI is continuing its investigation into the matter.
Recent Stories
DOE fusion roadmap targets 2030s commercial deployment as AI drives $9B investment
The Department of Energy has released a new roadmap targeting commercial-scale fusion power deployment by the mid-2030s, though the plan lacks specific funding commitments and relies on scientific breakthroughs that have eluded researchers for decades. The strategy emphasizes public-private partnerships and positions AI as both a research tool and motivation for developing fusion energy to meet data centers' growing electricity demands. The big picture: The DOE's roadmap aims to "deliver the public infrastructure that supports the fusion private sector scale up in the 2030s," but acknowledges it cannot commit to specific funding levels and remains subject to Congressional appropriations. Why...
Oct 17, 2025Tying it all together: Credo’s purple cables power the $4B AI data center boom
Credo, a Silicon Valley semiconductor company specializing in data center cables and chips, has seen its stock price more than double this year to $143.61, following a 245% surge in 2024. The company's signature purple cables, which cost between $300-$500 each, have become essential infrastructure for AI data centers, positioning Credo to capitalize on the trillion-dollar AI infrastructure expansion as hyperscalers like Amazon, Microsoft, and Elon Musk's xAI rapidly build out massive computing facilities. What you should know: Credo's active electrical cables (AECs) are becoming indispensable for connecting the massive GPU clusters required for AI training and inference. The company...
Oct 17, 2025Vatican launches Latin American AI network for human development
The Vatican hosted a two-day conference bringing together 50 global experts to explore how artificial intelligence can advance peace, social justice, and human development. The event launched the Latin American AI Network for Integral Human Development and established principles for ethical AI governance that prioritize human dignity over technological advancement. What you should know: The Pontifical Academy of Social Sciences, the Vatican's research body for social issues, organized the "Digital Rerum Novarum" conference on October 16-17, combining academic research with practical AI applications. Participants included leading experts from MIT, Microsoft, Columbia University, the UN, and major European institutions. The conference...