
TL;DR
Security firm Sysdig says it documented the first fully agentic ransomware attack, dubbed JadePuffer, in which an AI agent planned and executed an entire database-extortion operation with no human at the keyboard. The agent exploited a Langflow flaw, moved laterally, encrypted 1,342 config items, and diagnosed a failed login in 31 seconds, but never saved the decryption key, making recovery impossible.
Security firm Sysdig says it has documented the first ransomware attack run end to end by an AI agent, first reported by Business Insider. A large language model planned, executed, and adapted the entire operation, which Sysdig has named JadePuffer.
The agent chained together every stage of the attack, from reconnaissance and credential theft to lateral movement and data encryption. It did so with no human directing the keyboard, according to the company’s threat research team.
The intrusion began by exploiting a known Langflow remote-code-execution flaw to harvest cloud and AI-provider credentials. The agent then compromised a production database, encrypting 1,342 configuration items and leaving a ransom note.
The 💜 of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!
The clearest sign of autonomy came when an admin login failed, and the agent diagnosed the problem and issued a working fix in 31 seconds. More than 600 payloads across the campaign carried plain-language comments explaining the agent’s own reasoning, per BleepingComputer.
There is a grim catch for any victim. The ransom note’s decryption key was reportedly never saved, making recovery impossible even if the ransom were paid.
The barrier to entry just collapsed
The significance is less the sophistication than the deskilling, as an agent can now chain steps that once demanded expertise at each one. Ransomware is edging from a craft into a prompt.
JadePuffer does not stand alone. Anthropic recently disrupted what it called a largely AI-run cyber espionage campaign, and Google identified the first AI-developed zero-day exploit before it could be used at scale.
Governments are alarmed, with the UK’s Yvette Cooper warning of an AI “Hiroshima” without rules and frontier labs racing China on offensive capability. The same models that can be coaxed into misbehaviour are now cheap enough to weaponise.
Defenders are not standing still, and the industry is betting that 2026 becomes the year of governed cybersecurity AI. The uncomfortable truth is that both sides now field the same tools.
Sysdig’s case is a proof of concept as much as an incident, since one working example tends to become a template. The keyboard is empty, but the attack still runs.
View original source — The Next Web ↗

