It starts with a misconfigured S3 bucket. Not a zero-day. Not a nation-state exploit. Just a forgotten public bucket — the kind that shows up in every cloud audit and gets a "medium severity" tag before someone closes the Jira ticket and moves on. Except this time, there's no human on the other side waiting for a pentest report. There's an AI agent. And it doesn't close tickets — it chains 11 automated actions in under four minutes and walks out with the environment's IAM credentials. Nobody typed a single command. Before you assume this is hypothetical: in early 2024, researchers at UIUC handed GPT-4 a browser, a terminal, and a list of CVE descriptions. The agent autonomously exploited 87% of real one-day vulnerabilities it was pointed at. By 2025, open-source agent frameworks made the same capability accessible to anyone with an API key.…