PULSE NAME
AI/LLM-Generated Malware Used to Exploit React2Shell
WHITE AlienVault 2026-02-10 Modified: 2026-03-12
4 IOCs, LOW VOLUME
Darktrace identified an AI-generated malware sample exploiting the React2Shell vulnerability in its honeypot environment. The incident demonstrates how LLM-assisted development enables low-skill attackers to rapidly create effective exploitation tools. The attack chain involved spawning a container named 'python-metrics-collector' on an exposed Docker daemon, downloading and executing a Python script, and deploying an XMRig crypto miner. The malware sample featured thorough code documentation and lacked typical obfuscation, indicating AI generation. This highlights the growing trend of AI-enabled cyber threats that are now operational and accessible to anyone, posing new challenges for defenders.
Indicators of Compromise (1 / 4 total)
TYPE    INDICATOR         DESCRIPTION    CREATED
CVE     CVE-2025-55182    -              2026-02-10