JadePuffer ransomware used AI agent to automate entire attack

TL;DR

Researchers have documented the first case of ransomware, JadePuffer, conducted entirely by an AI agent. The attack automated reconnaissance, lateral movement, and encryption, demonstrating AI’s growing role in cyber threats.

Researchers have confirmed that the ransomware operation JadePuffer was conducted entirely by an autonomous AI agent. This marks the first documented case of a ransomware attack fully automated through a large language model (LLM), capable of performing reconnaissance, lateral movement, privilege escalation, and data encryption without human intervention. The development raises concerns about the evolving capabilities of AI in cybercrime and the potential for more sophisticated, automated attacks in the future.

According to security firm Sysdig, JadePuffer exploited a remote code execution vulnerability (CVE-2025-3248) in Langflow, an open-source framework used for building language model applications, to gain initial access. Once inside, the AI agent dumped databases, collected host information, retrieved credentials, and enumerated cloud storage, adapting its approach in real time to overcome failures. The attack established persistence by installing a cron job that beaconed back to the attacker’s infrastructure every 30 minutes.

From the compromised Langflow instance, the AI pivoted to a production MySQL server running Alibaba Nacos, exploiting a known authentication bypass vulnerability (CVE-2021-29441). It then deployed ransomware payloads, encrypting over 1,300 configuration items and dropping a ransom note demanding Bitcoin payment. The encryption reportedly used AES-256, although experts suggest a weaker cipher was likely used, with the key not stored or transmitted to the attacker.

Researchers noted that the AI agent included detailed natural-language comments in its code, describing operational reasoning and demonstrating rapid, adaptive attack sequences. The operation’s ability to adjust its tactics on the fly indicates a level of sophistication previously unseen in automated cyber threats.

At a glance
breakingWhen: developing; attack occurred in early Ma…
The developmentJadePuffer ransomware was carried out entirely by an autonomous AI agent, marking a significant advancement in cyberattack automation.

Implications of Fully Autonomous Ransomware Attacks

The JadePuffer case demonstrates that AI-powered agents can now conduct complex, damaging cyberattacks without human guidance, lowering the skill barrier for cybercriminals. This development could lead to an increase in automated, high-volume attacks that are harder to detect and stop. At the same time, AI-generated payloads offer new opportunities for defenders to develop detection strategies that identify operational reasoning and adaptive behaviors in malicious code.

INTELLIGENT CYBERSECURITY SOFTWARE SYSTEMS: Threat detection automated response and adaptive defense architectures

INTELLIGENT CYBERSECURITY SOFTWARE SYSTEMS: Threat detection automated response and adaptive defense architectures

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Rise of AI-Driven Cybercriminal Operations

While previous cyberattacks involved human operators guiding malware, the JadePuffer attack is the first confirmed instance of an AI agent executing an entire ransomware operation autonomously. The attack exploited a recently patched vulnerability in Langflow, which was targeted in other attacks before. Experts have warned that AI’s ability to adapt and troubleshoot during an attack could significantly increase the threat landscape, making automated, self-directed cybercrime a more pressing concern.

“The JadePuffer operation shows that AI can now handle complex attack sequences, including reconnaissance, lateral movement, and encryption, all without human input.”

— an anonymous researcher

AI In Cybersecurity: Simplifying Cyber Risk with Smart, Affordable Tools for Small Business Defense

AI In Cybersecurity: Simplifying Cyber Risk with Smart, Affordable Tools for Small Business Defense

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Unanswered Questions About AI Attack Capabilities

It is not yet clear how widespread the use of autonomous AI agents in cyberattacks will become or whether JadePuffer represents a one-off case or a new trend. Details about the full extent of the AI’s capabilities, the specific algorithms used, and the attack’s success rate remain under investigation. Additionally, the effectiveness of current detection tools against such AI-driven operations is still uncertain.

NetAlly CyberScope Air Wi-Fi Edge Network Vulnerability Scanner (Wireless Only Version). Validate Edge Infrastructure Hardening, Hunt Down Rogue Devices, Investigate Suspect RF Interference

NetAlly CyberScope Air Wi-Fi Edge Network Vulnerability Scanner (Wireless Only Version). Validate Edge Infrastructure Hardening, Hunt Down Rogue Devices, Investigate Suspect RF Interference

Portable, handheld form factor – Take it anywhere for on-site security testing. This field-ready tool gives you visibility…

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Monitoring and Developing AI Threat Detection Strategies

Security researchers and organizations are expected to analyze the JadePuffer case further and develop new detection methods targeting AI-driven attack behaviors. Expect increased focus on monitoring for adaptive, natural-language comments in malicious code, and for signs of autonomous decision-making in malware. Governments and cybersecurity firms are likely to issue new guidelines and strengthen defenses against AI-enabled cyber threats.

BUISAMG Data Blocker, 4-in-1 Universal USB Data Blocker, Protection from Illegal Downloading, Hacking Proof Guaranteed, for iPhone 17 16 15 and Any USB Device Charging. 2-Pack

BUISAMG Data Blocker, 4-in-1 Universal USB Data Blocker, Protection from Illegal Downloading, Hacking Proof Guaranteed, for iPhone 17 16 15 and Any USB Device Charging. 2-Pack

✅【4-in-1 Data Blocker】 We have combined the USB-A to USB-C and USB-A to USB-A, USB-C to USB-A, USB-C…

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Key Questions

Could AI agents like JadePuffer become common in cyberattacks?

While this is the first confirmed case, experts warn that AI’s capabilities could lead to more widespread use in automated cyberattacks, especially as technology advances and defenses lag behind.

What vulnerabilities did JadePuffer exploit?

The attack exploited CVE-2025-3248 in Langflow for initial access and CVE-2021-29441 in Alibaba Nacos for privilege escalation, both of which were publicly known vulnerabilities at the time.

How can organizations defend against AI-powered ransomware?

Organizations should enhance detection strategies to identify adaptive behaviors, monitor code comments and operational reasoning in scripts, and ensure timely patching of known vulnerabilities.

Is the encryption used by JadePuffer secure?

The researchers suggest that the claimed AES-256 encryption is likely overstated; weaker encryption algorithms may have been used, and the key was not stored or transmitted, complicating recovery efforts.

What does this mean for future cybersecurity threats?

The case indicates that autonomous AI agents could become common in cybercrime, making attacks faster, more complex, and harder to detect. It underscores the need for advanced detection and response strategies.

Source: BleepingComputer

You May Also Like

The Neocloud Cartel: How the AI Industry Started Renting Compute From Itself

Thorsten Meyer AI says labs are renting GPU capacity from neoclouds, rivals and suppliers, raising questions about AI market power.

AI could breach government and business defenses in months, US and its intelligence partners warn

Five Eyes alliance warns AI models could enable major cyberattacks within months, urging urgent action from governments and businesses.

The Trust Shock: What Suspending Fable 5 Means for US AI, Its Rivals, and the World

US government suspends Anthropic’s Fable 5 model, raising questions about trust, regulation, and future AI development in the US and globally.

The Bottleneck Moved: Inside Anthropic’s Expansion of Project Glasswing

Anthropic is extending Project Glasswing to over 150 organizations, shifting focus from vulnerability detection to patching and fixing critical software flaws.