The AI-powered intrusion isn’t a forecast anymore β€” it’s a case file. Trend Micro researchers have documented a Russian-speaking threat actor, tracked as β€œbandcampro” behind the β€œPatriot Bait” campaign, who spent months using Google’s open-source Gemini CLI as a working member of his operation: writing infection code, operating a live command-and-control botnet, cracking passwords, and mining stolen credential vaults for follow-on access.

The headline number from the research: when the actor needed to migrate his C2 infrastructure, the jailbroken agent handled the architecture, the code, the VPS deployment, the Cloudflare configuration, and the initial debugging in six minutes.

The Jailbreak Was a Job Title

There was no exotic prompt-injection wizardry here. The actor simply told the agent it was an β€œauthorized penetration tester” β€” and that framing held across more than 200 sessions. Operating under its im