An AI agent has allegedly conducted an entire ransomware attack independently.
Cybersecurity researchers have reported what may be the first ransomware attack primarily executed by an autonomous AI agent, indicating a major shift in the potential conduct of cyberattacks in the future. According to cloud security firm Sysdig, they discovered a ransomware operation named JadePuffer that seems to have utilized a large language model (LLM) agent to carry out nearly every phase of the attack without ongoing human involvement.
If validated, this incident implies that AI is evolving beyond merely writing malicious code to actively planning, adjusting, and executing cyberattacks in real-time.
JadePuffer adapted to challenges similarly to a human hacker.
As per Sysdig’s analysis, JadePuffer started by exploiting CVE-2025-3248, a remote code execution vulnerability within Langflow, an open-source framework utilized for LLM-powered applications. This flaw, which was patched in April 2025, was subsequently included in the US Cybersecurity and Infrastructure Security Agency’s (CISA) list of vulnerabilities exploited in the wild.
Once it infiltrated the system, the AI agent purportedly executed a complete attack chain that resembles those typically conducted by experienced human operators. It gathered host information, searched for credentials and sensitive files, extracted cloud secrets, and mapped storage resources before moving laterally through the victim’s infrastructure.
What distinguished this attack was not just the automation but its adaptability.
According to the Sysdig report, the researchers noted the AI agent's ability to respond flexibly when certain commands did not succeed. In one case, the malware faced an unexpected XML response while querying a MinIO object store. Rather than failing, the agent adjusted its parsing logic and attempted a different approach. Additionally, a failed login attempt was automatically corrected within 31 seconds, without any human intervention.
The AI subsequently established persistence by creating scheduled cron jobs before shifting to a production server running Alibaba Nacos, where it exploited CVE-2021-29441 to generate unauthorized administrator accounts. Ultimately, it encrypted 1,342 Nacos configuration records, deleted the original data, and replaced it with a ransom note that demanded payment in Bitcoin.
Interestingly, researchers discovered multiple indications that the operation was AI-generated. The malicious code included unusually detailed natural-language comments that clarified its reasoning, while the ransom note referenced a Bitcoin wallet typically found in documentation rather than a real payment address. Sysdig also suspects that the malware used AES-128 in ECB mode, despite claiming to employ AES-256 encryption.
These findings coincide with increasing warnings from cybersecurity experts about the rise of agentic AI, wherein AI systems can autonomously plan and execute complex tasks rather than merely responding to prompts. While JadePuffer exploited existing vulnerabilities rather than creating new attack strategies, its capacity to independently perform reconnaissance, privilege escalation, persistence, and ransomware deployment signifies a significant advancement in offensive AI capabilities.
Sysdig asserts that this incident indicates the emergence of "agentic threat actors," possibly reducing the technical knowledge needed to conduct advanced cyberattacks. At the same time, researchers point out that AI-generated attacks may exhibit unique behavioral patterns and coding traits that defenders can leverage to develop new detection methods.
For organizations, this report serves as a crucial reminder that patching internet-facing systems and securing cloud credentials remain vital, even as the nature of attackers evolves.
Other articles
An AI agent has allegedly conducted an entire ransomware attack independently.
Security researchers state that an autonomous AI agent conducted a fully-fledged ransomware attack, adjusting to setbacks and performing the infiltration with very little human involvement.
