'First' AI ransomware attack JadePuffer still required human setup
Original: The ‘first’ AI-run ransomware attack still needed a human
Why This Matters
Agentic AI enabling autonomous cyberattack execution marks a significant escalation in ransomware threat sophistication.
Cloud security firm Sysdig documented what it calls the first 'agentic ransomware' attack, dubbed JadePuffer. An AI agent autonomously executed a cyberattack — breaching a server, stealing credentials, encrypting 1,300+ records, and writing a ransom note — but a human still set up infrastructure and chose the victim.
Sysdig researchers documented what they describe as the first known 'agentic ransomware' operation, named JadePuffer. An AI agent handled full technical execution of a real-world cyberattack without a human at the keyboard: it exploited a known vulnerability in Langflow (an open-source LLM app-building tool), moved laterally to a production MySQL server, gained admin access via a second known flaw, encrypted over 1,300 configuration records, and autonomously authored a ransom note complete with a Bitcoin address. The agent recovered from a failed login in just 31 seconds, narrating its reasoning in natural-language code comments throughout. However, Sysdig's senior director of threat research Michael Clark clarified to CyberScoop and TechCrunch that a human still provisioned the command-and-control server, staging server, and selected the victim. The initial credentials were also obtained through a prior compromise — not by the AI agent. Clark also clarified that API keys found for OpenAI, Anthropic, DeepSeek, and Gemini were data the agent stole from the Langflow host, not evidence of which model powered the attack. The specific model driving JadePuffer was not identified. Sysdig has not disclosed the identity of the targeted organization.