An AI agent has allegedly conducted an entire ransomware attack independently.

An AI agent has allegedly conducted an entire ransomware attack independently.

      Cybersecurity researchers have reported what may be the first ransomware attack primarily executed by an autonomous AI agent, indicating a major shift in the potential conduct of cyberattacks in the future. According to cloud security firm Sysdig, they discovered a ransomware operation named JadePuffer that seems to have utilized a large language model (LLM) agent to carry out nearly every phase of the attack without ongoing human involvement.

      If validated, this incident implies that AI is evolving beyond merely writing malicious code to actively planning, adjusting, and executing cyberattacks in real-time.

      JadePuffer adapted to challenges similarly to a human hacker.

      As per Sysdig’s analysis, JadePuffer started by exploiting CVE-2025-3248, a remote code execution vulnerability within Langflow, an open-source framework utilized for LLM-powered applications. This flaw, which was patched in April 2025, was subsequently included in the US Cybersecurity and Infrastructure Security Agency’s (CISA) list of vulnerabilities exploited in the wild.

      Once it infiltrated the system, the AI agent purportedly executed a complete attack chain that resembles those typically conducted by experienced human operators. It gathered host information, searched for credentials and sensitive files, extracted cloud secrets, and mapped storage resources before moving laterally through the victim’s infrastructure.

      What distinguished this attack was not just the automation but its adaptability.

      According to the Sysdig report, the researchers noted the AI agent's ability to respond flexibly when certain commands did not succeed. In one case, the malware faced an unexpected XML response while querying a MinIO object store. Rather than failing, the agent adjusted its parsing logic and attempted a different approach. Additionally, a failed login attempt was automatically corrected within 31 seconds, without any human intervention.

      The AI subsequently established persistence by creating scheduled cron jobs before shifting to a production server running Alibaba Nacos, where it exploited CVE-2021-29441 to generate unauthorized administrator accounts. Ultimately, it encrypted 1,342 Nacos configuration records, deleted the original data, and replaced it with a ransom note that demanded payment in Bitcoin.

      Interestingly, researchers discovered multiple indications that the operation was AI-generated. The malicious code included unusually detailed natural-language comments that clarified its reasoning, while the ransom note referenced a Bitcoin wallet typically found in documentation rather than a real payment address. Sysdig also suspects that the malware used AES-128 in ECB mode, despite claiming to employ AES-256 encryption.

      These findings coincide with increasing warnings from cybersecurity experts about the rise of agentic AI, wherein AI systems can autonomously plan and execute complex tasks rather than merely responding to prompts. While JadePuffer exploited existing vulnerabilities rather than creating new attack strategies, its capacity to independently perform reconnaissance, privilege escalation, persistence, and ransomware deployment signifies a significant advancement in offensive AI capabilities.

      Sysdig asserts that this incident indicates the emergence of "agentic threat actors," possibly reducing the technical knowledge needed to conduct advanced cyberattacks. At the same time, researchers point out that AI-generated attacks may exhibit unique behavioral patterns and coding traits that defenders can leverage to develop new detection methods.

      For organizations, this report serves as a crucial reminder that patching internet-facing systems and securing cloud credentials remain vital, even as the nature of attackers evolves.

An AI agent has allegedly conducted an entire ransomware attack independently. An AI agent has allegedly conducted an entire ransomware attack independently.

Other articles

General AI expertise might not suffice anymore, as organizations are seeking more specialized skills. General AI expertise might not suffice anymore, as organizations are seeking more specialized skills. When the generative AI surge ignited in late 2022, business executives and team leaders globally were entranced by its possibilities. Numerous business leaders swiftly acknowledged the promise of this emerging technology and started seeking ways to implement it. This led to a significant hiring frenzy: Companies were actively searching far and wide [...] Novartis acquires the UK biotech Myricx for as much as $1.5 billion in pursuit of a new class of cancer treatments. Novartis acquires the UK biotech Myricx for as much as $1.5 billion in pursuit of a new class of cancer treatments. Novartis will provide $1.1 billion upfront and up to $400 million based on milestones for Myricx Bio, a UK company working on a new payload for antibody-drug conjugates. Novartis acquires UK biotech Myricx for up to $1.5 billion in pursuit of a new class of cancer drugs. Novartis acquires UK biotech Myricx for up to $1.5 billion in pursuit of a new class of cancer drugs. Novartis will make an upfront payment of $1.1 billion and could pay an additional $400 million in milestone payments for Myricx Bio, a UK company focused on creating a new payload for antibody-drug conjugates. Samsung’s appliance employees intend to hold a rally regarding the bonuses awarded to chip division workers. Samsung’s appliance employees intend to hold a rally regarding the bonuses awarded to chip division workers. Samsung employees involved in the production of phones, TVs, and appliances will protest in Suwon regarding a bonus arrangement that awards chip workers up to 600 million won, while they are set to receive only 6 million won. The UN states that AI is advancing more rapidly than regulations, and it has a report to back this claim. The UN states that AI is advancing more rapidly than regulations, and it has a report to back this claim. As a UN discussion on AI governance begins in Geneva, António Guterres cautions that AI is progressing more swiftly than governments can assess or regulate it. Shampoo and cookies receive an AI upgrade as major consumer brands revamp their laboratories. Shampoo and cookies receive an AI upgrade as major consumer brands revamp their laboratories. P&G, Unilever, and Mondelez are utilizing AI to develop products and execute campaigns, shortening timelines that previously required years to just weeks.

An AI agent has allegedly conducted an entire ransomware attack independently.

Security researchers state that an autonomous AI agent conducted a fully-fledged ransomware attack, adjusting to setbacks and performing the infiltration with very little human involvement.