Agentic ransomware operation JadePuffer still relied on human setup
Cloud security firm Sysdig has documented what it calls the first known case of "agentic ransomware", an extortion operation dubbed JadePuffer in which an AI agent, rather than a person, carried out the technical steps of a real-world cyberattack. The agent broke into a vulnerable server, stole credentials, moved through the network, encrypted files and wrote its own ransom note, adapting to obstacles as it went. The case matters as an early sign that AI agents can independently execute the hands-on parts of a cyberattack, though initial reports that it ran with "no human at the keyboard" overstated how autonomous it truly was.
Sysdig's Michael Clark clarified that a human still set up the operation, provisioned the command-and-control and staging infrastructure, and chose the victim, while the database credentials came from a separate prior compromise rather than the agent itself. The agent exploited a known bug in the open-source tool Langflow, then a flaw in a production MySQL server to gain admin access, encrypting over 1,300 configuration records and leaving a Bitcoin address. The techniques were ordinary, but the speed and self-narration stood out — it fixed a failed login in 31 seconds. Sysdig could not identify which model drove the agent; harvested API keys for OpenAI, Anthropic, DeepSeek and Gemini were merely stolen loot, not evidence of what was running it.
AI Americas Cybersecurity Geopolitics Politics Technology World
Read the full article at the source →
Originally published by TechCrunch as “The ‘first’ AI-run ransomware attack still needed a human”.