Researchers uncover first fully autonomous AI ransomware attack

Sysdig researchers documented JADEPUFFER, a ransomware attack they say was run entirely by an AI agent, from breach to encryption

Published July 05, 2026

Cloud security firm Sysdig says it has documented the first ransomware operation carried out entirely by an autonomous AI agent, with no human directly steering the attack.

Sysdig's Threat Research Team dubbed the operator JADEPUFFER, describing it as an "agentic threat actor", a large language model that scouted the target, stole credentials, moved through the network, and destroyed data without a person at the keyboard, as first reported by Bleeping Computer.

How the agent broke in and adapted on the fly

The malware called JADEPUFFER initially gained a foothold through a vulnerability in Langflow, a free-to-use platform for developing artificial intelligence apps. The attacker used this weakness to obtain the API keys, cloud credentials, and database access logs.

But what worried experts the most was the response to failure. When an attempt to create an admin account on a Nacos config server failed, the malware detected the problem and provided a solution within 31 seconds.

In another case, the agent adjusted when it received information in XML format rather than the expected JSON format while retrieving information from a storage mechanism.

After successfully harvesting credentials on the Langflow host, JADEPUFFER targeted a new production server that hosted the Alibaba Nacos service and a MySQL database, using the same authentication bypass to proceed further.

Eventually, JADEPUFFER encrypted all 1,342 items in the Nacos configurations, then deleted them and created a ransom note table called README_RANSOM.

Despite the attack's effectiveness, researchers spotted several giveaways that a machine, not a human, was behind it. The malicious code was riddled with polite, detailed natural-language comments explaining each step of its own logic, a hallmark of LLM output rarely seen in human-written malware.

Sysdig further discovered that the encryption key used to lock the data had been created only once and printed out, but was never saved or sent anywhere, making it impossible for the attackers themselves to decrypt and return any files after a ransom payout.

Furthermore, the Bitcoin address provided in the ransom note was a generic placeholder commonly found in open-source documentation, clearly a fabricated detail that made the entire payment pointless.

While characterising JADEPUFFER as a signal rather than a novelty, Sysdig claims that AI agents are reducing the skill level needed to execute an entire attack chain from end to end.

This is because the flaws exploited by the AI agent were all already known, and the researchers believe this is the more worrisome aspect: old, vulnerable software can now be easily exploited through an AI agent.

Pareesa Afreen
Pareesa Afreen is a reporter and sub editor specialising in technology coverage, with 3 years of experience. She reports on digital innovation, gadgets, and emerging tech trends while ensuring clarity and accuracy through her editorial role, delivering accessible and engaging stories for a fast-evolving digital audience.