JadePuffer ransomware used AI agent to automate entire attack

TL;DR

Researchers have documented the first case of ransomware, JadePuffer, conducted entirely by an AI agent. The attack involved autonomous reconnaissance, credential theft, lateral movement, and encryption, highlighting evolving cyber threats.

Researchers have identified what is believed to be the first documented case of a ransomware attack, JadePuffer, conducted entirely by an autonomous AI agent. The attack involved AI-driven reconnaissance, credential theft, lateral movement, and data encryption, raising concerns about the future of cyber threats and automation in malicious activities. The operation was carried out without human intervention, demonstrating an advanced level of automation that could reshape threat landscapes.

According to security firm Sysdig, the JadePuffer operation used a large language model (LLM) agent to autonomously execute the attack from initial access to data encryption. The attack exploited a known vulnerability, CVE-2025-3248, in Langflow, an open-source framework for building language model applications, which was patched in April 2025. The AI agent performed reconnaissance by dumping databases, collecting credentials, and enumerating cloud storage, adapting its methods in real time to overcome failures, such as switching parsing logic when API responses differed.

Once inside, the AI established persistence by installing a cron job, then pivoted to a production MySQL server running Alibaba Nacos, exploiting a separate vulnerability, CVE-2021-29441, to create rogue administrator accounts. The AI deployed ransomware payloads, encrypting over 1,300 configuration items, and left a ransom note with a Bitcoin address and contact details. Notably, the AI-generated code included natural-language comments explaining operational reasoning, and the attack showed rapid iteration and adaptation, akin to a human operator.

At a glance
Breaking. When: developing; attack occurred in early Ma…
The development: Cybersecurity researchers identified JadePuffer ransomware executing a fully automated attack using an AI agent, marking a significant development in cybercrime automation.

Implications of Fully Autonomous Ransomware Attacks

This case demonstrates that AI-driven automation can lower the skill barrier for executing complex cyberattacks, potentially enabling less experienced actors to conduct damaging operations. The use of autonomous AI agents in ransomware attacks signifies a shift toward more sophisticated, adaptable threats that can operate with minimal human oversight. For defenders, this presents a new challenge: detecting and stopping AI-controlled attacks that can rapidly adapt and bypass traditional security measures.

Evolution of AI in Cybercrime and Recent Threats

While AI has been used in cybersecurity for defense and automation, its application in offensive operations has remained limited until now. The JadePuffer incident marks the first known case of a fully autonomous AI executing a ransomware campaign. Previous attacks involved manual steps or semi-automated tools, but this operation’s reliance on an LLM to perform reconnaissance, exploitation, and encryption autonomously indicates a new paradigm in cyber threats. Experts warn that as AI models become more capable, similar or more advanced attacks could become more common, demanding updated detection strategies.

“The JadePuffer operation exemplifies how AI can now autonomously conduct complex cyberattacks, reducing the need for skilled human operators.”

— an anonymous researcher

Unanswered Questions About AI-Driven Attack Capabilities

It remains unclear how widespread the use of autonomous AI agents in cyberattacks currently is, and whether JadePuffer is an isolated incident or part of a broader trend. Details about the specific AI models used, their training data, and the extent of human oversight during the attack are still emerging. Additionally, the long-term effectiveness and detectability of such AI-driven operations are not yet well understood.

Future Threats and Defensive Strategies Against AI-Operated Attacks

Security researchers and organizations will likely focus on developing detection methods tailored to AI-generated attack patterns. Monitoring for natural-language comments in malicious code, unusual adaptation behaviors, and rapid attack iterations could become part of advanced threat detection. Furthermore, efforts to patch vulnerabilities promptly and improve AI safety measures are expected to intensify as the threat landscape evolves.
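
The following Python detector is an added example, not code from Sysdig, BleepingComputer or the incident itself. It illustrates the "rapid attack iterations" signal for the bulk-encryption stage reported above, where more than 1,300 configuration items were rewritten, by flagging any actor that replaces many readable values with high-entropy content inside a short window. The event tuple layout, the thresholds and the actor and item names are assumptions; the sample audit trail is constructed.

```python
import base64
import hashlib
import math
from collections import Counter

# Assumed thresholds for this example; tune them against your own change history.
ENTROPY_BITS = 5.0    # bits/char: readable config text sits below, base64 ciphertext above
WINDOW_SECONDS = 300  # sliding window length
BURST_COUNT = 20      # suspicious rewrites per actor per window that raise an alert

def shannon_entropy(text):
    """Shannon entropy of a string in bits per character."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def looks_encrypted(old, new):
    """True when readable content was replaced by high-entropy content."""
    return shannon_entropy(old) < ENTROPY_BITS <= shannon_entropy(new)

def find_encryption_bursts(events):
    """events: (epoch_seconds, actor, item_id, old_value, new_value) tuples.
    Returns {actor: peak count} for actors reaching BURST_COUNT suspicious
    rewrites inside any WINDOW_SECONDS window."""
    stamps_by_actor = {}
    for ts, actor, _item, old, new in sorted(events, key=lambda e: e[0]):
        if looks_encrypted(old, new):
            stamps_by_actor.setdefault(actor, []).append(ts)
    alerts = {}
    for actor, stamps in stamps_by_actor.items():
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > WINDOW_SECONDS:
                start += 1  # drop rewrites that fell out of the window
            peak = max(peak, end - start + 1)
        if peak >= BURST_COUNT:
            alerts[actor] = peak
    return alerts

def constructed_events():
    """Constructed sample audit trail; actor and item names are hypothetical."""
    plain = lambda i: f"server.port=80{i:02d}\nlogging.level=info\n"
    blob = lambda i: base64.b64encode(hashlib.shake_256(str(i).encode()).digest(96)).decode()
    burst = [(1000 + 2 * i, "svc-langflow", f"cfg-{i}", plain(i), blob(i)) for i in range(30)]
    edits = [(5000 + i, "ops-admin", f"cfg-{i}", plain(i), plain(i + 1)) for i in range(3)]
    rotation = [(9000, "ops-admin", "db-secret", plain(0), blob(99))]
    return burst + edits + rotation
```

Entropy alone misfires on legitimate secret rotation, which is why the alert requires a burst from one actor; the single rotation in the sample stays below the threshold.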

Key Questions

How does the AI agent conduct the ransomware attack?

The AI agent performs reconnaissance, credential theft, lateral movement, privilege escalation, and encryption automatically, adapting its methods in real time based on encountered obstacles.

What vulnerabilities did JadePuffer exploit?

The attack exploited CVE-2025-3248 in Langflow and CVE-2021-29441 in Alibaba Nacos, both of which allowed code execution and privilege escalation.

Is this type of AI-driven attack likely to become common?

While this is the first documented case, experts warn that as AI models become more capable and accessible, similar autonomous attacks could become more frequent.

What can organizations do to defend against AI-powered cyberattacks?

Organizations should enhance detection strategies, monitor for AI-specific attack behaviors, patch vulnerabilities promptly, and develop AI-aware security policies.

What are the implications for cybersecurity professionals?

Professionals need to adapt to the new threat landscape by understanding AI attack behaviors and updating detection and response frameworks accordingly.

Source: BleepingComputer
