Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    JadePuffer ransomware used AI agent to automate entire attack

    July 4, 2026

    SOLVED: The Case of the Missing Megalodon

    July 4, 2026

    Black Hat Europe 2025 | Automatic Detection of Taint-Style Vulnerabilities in LLM-based Agents

    July 3, 2026
    Facebook X (Twitter) Instagram
    • Demos
    • Technology
    • Gaming
    • Buy Now
    Facebook X (Twitter) Instagram Pinterest Vimeo
    Canadian Cyber WatchCanadian Cyber Watch
    • Home
    • News
    • Alerts
    • Tips
    • Tools
    • Industry
    • Incidents
    • Events
    • Education
    Subscribe
    Canadian Cyber WatchCanadian Cyber Watch
    Home»News»JadePuffer ransomware used AI agent to automate entire attack
    News

    JadePuffer ransomware used AI agent to automate entire attack

    adminBy adminJuly 4, 2026No Comments3 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    JadePuffer ransomware used AI agent to automate entire attack

    Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted entirely by a large language model (LLM) agent.

    According to cloud security company Sysdig, JadePuffer used an autonomous AI agent for reconnaissance on the target, to steal credentials, move laterally, establish persistence, escalate privileges, and to encrypt data.

    The researchers say that the AI agent adapted to failures during the intrusion, much like a human operator would handle obstacles.

    image

    “The operation also adapted in real time, retrying failed steps within refined parameters. In one sequence, it went from a failed login to a working fix in 31 seconds,” Sysdig says.

    From initial access to encryption

    JadePuffer gained initial access to the target by exploiting CVE-2025-3248, an unauthenticated remote code execution vulnerability in Langflow, a popular open-source framework used for building LLM apps.

    The vendor fixed the flaw on April 1, 2025, and in early May of the same year, CISA tagged it as exploited in attacks targeting internet-exposed endpoints, usually deployed with minimal hardening but containing cloud credentials and API keys.

    After obtaining code execution through CVE-2025-3248, the AI agent dumped Langflow’s PostgreSQL database, collected host information, searched for environment variables and sensitive files, retrieved credentials, and enumerated a MinIO object store.

    Sysdig highlights the adaptive approach to MinIO enumeration, where if one API request returned XML instead of JSON, the next payload adjusted its parsing logic accordingly.

    JadePuffer also established persistence on the Langflow host by installing a cron job on the server, which was configured to beacon to the attacker’s infrastructure every 30 minutes.

    From the Langflow instance, the attacker pivoted to a production MySQL server running Alibaba Nacos (Naming and Configuration Service), using root credentials whose origin Sysdig couldn’t determine.

    Nacos was targeted with multiple payloads, including one exploiting CVE-2021-29441, an authentication bypass vulnerability that creates rogue administrator accounts.

    The agent probed for container escape methods and deployed the ransomware payload. According to the researchers, JadePuffer encrypted 1,342 Nacos service configuration items before deleting the originals.

    “The captured payloads show the agent encrypting all 1,342 Nacos service configuration items using MySQL’s AES_ENCRYPT(), dropping the original config_info and history tables, and creating an extortion table (README_RANSOM) containing the demand, a Bitcoin payment address, and a Proton Mail contact,” describes Sysdig.

    The encryption function
    The encryption function
    Source: Sysdig

    The ransom note claims that the data was encrypted using the AES-256 algorithm, although the researchers believe this to be an overstatement, and that the use of the weaker AES-128-ECB is more likely.

    Sysdig mentions that the encryption key is randomly generated but not stored or transmitted to the attacker.

    The Bitcoin address listed in the ransom note is an example address widely used in public documentation, possibly the result of the LLM reproducing it from the training data.

    Other signs that AI was controlling the attack include detailed natural-language comments in the generated code describing operational reasoning and rapid attack iteration that considers the specific errors encountered, rather than being simple retries.

    Rapid iteration steps
    Rapid iteration steps
    Source: Sysdig

    Sysdig concludes that the case of JadePuffer demonstrates that the age of “agentic threat actors” (ATAs) has arrived, lowering the skill required for conducting damaging cyberattacks.

    At the same time, given how AI agents operate today, LLM-generated payloads create new detection opportunities for security solutions.


    article image

    Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

    The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

    Get the whitepaper



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleSOLVED: The Case of the Missing Megalodon
    admin
    • Website

    Related Posts

    News

    SOLVED: The Case of the Missing Megalodon

    July 4, 2026
    News

    NetNut proxy network disrupted, 2 million infected devices cut off

    July 3, 2026
    News

    Behind the Blog: With Blogs Like These, Who Needs a Private Jet

    July 3, 2026
    Add A Comment

    Comments are closed.

    Demo
    Top Posts

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202633 Views

    IP Address Investigations and Local OSINT

    March 20, 202633 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews
    85
    Featured

    Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

    January 15, 2021 Featured
    8.1
    Uncategorized

    A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

    January 15, 2021 Uncategorized
    8.9
    Editor's Picks

    DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

    January 15, 2021 Editor's Picks

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Demo
    Most Popular

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202633 Views

    IP Address Investigations and Local OSINT

    March 20, 202633 Views
    Our Picks

    JadePuffer ransomware used AI agent to automate entire attack

    July 4, 2026

    SOLVED: The Case of the Missing Megalodon

    July 4, 2026

    Black Hat Europe 2025 | Automatic Detection of Taint-Style Vulnerabilities in LLM-based Agents

    July 3, 2026

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • Home
    • Technology
    • Gaming
    • Phones
    • Buy Now
    © 2026 ThemeSphere. Designed by ThemeSphere.

    Type above and press Enter to search. Press Esc to cancel.