ShadowRay 2.0: Active Global Campaign Hijacks Ray AI Infrastructure Into Self-Propagating Botnet
Essential information
- Published: 19/11/2025 04:25
- Modified: 19/11/2025 08:54
- Tags: 2025-11-19, CVE-2023-48022, ai infrastructure, botnet, cryptojacking, data exfiltration, ddos, devops, ray framework, self-propagation, sockstress, xmrig
- Related entities: 1 intrusion set (APT), 19 techniques (MITRE), 2 malware
Description
A global hacking campaign dubbed ShadowRay 2.0 has been discovered, exploiting a vulnerability in the Ray AI framework to seize control of computing clusters and create a self-replicating botnet. The attackers use GitLab and GitHub for payload delivery, leveraging AI-generated code to adapt their methods. The campaign has evolved from simple cryptojacking to a sophisticated multi-purpose botnet capable of DDoS attacks and data exfiltration. The operation targets exposed Ray clusters worldwide, utilizing DevOps-style infrastructure for real-time malware updates. This campaign highlights the growing attack surface in AI workloads and the risks associated with disputed vulnerabilities.