A 25-year old hacker has agreed to plead guilty to hacking the Disney Corporation by compromising a tool for AI-generating art. According to a Department of Justice press release, the hacker, Ryan Mitchell Krameraka NullBulge will admit to two felony charges related to the offense.As we reported last year, NullBulge specifically targeted AI users by compromising ComfyUI, a very popular graphical user interface for the open-weights AI image generator Stable Diffusion thats distributed on Github. The extension contained a trojan horse that allowed Kramer to access the computer of whoever used it, including one Disney employee.By leveraging access to that employees computer, Kramer was able to access the companys Slack and download 1.1 terabytes of data. Kramer pinged the employee in July of 2024 and, using the alias NullBulge, threatened to leak all the personal information in the data he obtained from Disney. The employee didnt respond and Kramer followed through with the threat and published the information.At the time, NullBulge said he targeted ComfyUI as an ideological protest against AI-generated art. AI-generated artwork is detrimental to the creative industry and should be discouraged, the hacker said on the Github for the ComfyUI extension. Maybe check us out, and maybe think twice about releasing ai tools on such a weakly secured account.According to security researchers at vpnMentor, NullBulges version of the ComfyUI extension compromised crypto wallets, flooded users systems with malware, and stole their personal data. Researchers at SentinelOne dug a little more into the persona and uncovered a long history of NullBulge making money from hacking.Kramers current plea deal is related only to the Disney hack. Hes been charged with two felony counts, according to the Department of Justice: one count of accessing a computer and obtaining information and one count of threatening to damage a protected computer. Each charge carries a maximum sentence of five years in federal prison.Kramers legal troubles might not be over. Kramer admitted in his plea agreement that, in addition to the victim, at least two other victims downloaded Kramers malicious file, and that Kramer was able to gain unauthorized access to their computers and accounts, the Department of Justice said in its press release. The FBI is investigating this matter.