Researchers at cloud security firm Sysdig have documented the first known case of 'agentic ransomware,' an extortion operation called JadePuffer. The AI agent executed a real-world cyberattack from start to finish, including breaching a vulnerable server, stealing credentials, navigating the target’s network, encrypting files, and writing its own ransom note. The attack was described as running 'without any human oversight,' with 'no human at the keyboard.'
The AI agent accessed a vulnerable server through a known bug in Langflow, a popular open-source tool for building LLM apps, then moved to a production MySQL server, exploiting another known flaw to gain admin access. It encrypted over 1,300 configuration records, left a ransom note it wrote itself, and provided a Bitcoin address for ransom payments. Sysdig has not disclosed the identity of the targeted victim, but the attack’s speed and transparency were notable, with the agent fixing a failed login in 31 seconds while narrating its reasoning in natural-language code comments.
Sysdig’s Michael Clark clarified that while the AI handled the technical execution, a human was still involved in setting up the operation, provisioning infrastructure, and choosing the victim. The credentials used to breach the database were obtained separately through a prior compromise and handed to the operation. Clark also noted that the agent stole provider API keys, cloud credentials, and other valuable data, but these keys do not indicate which model was driving the attack. Sysdig has not identified the specific model used in JadePuffer, nor does it have visibility into its system prompt or configuration.
Source: techcrunch