An AI agent just ran a full ransomware attack with no human at the keyboard

https://media.thenextweb.com/2026/07/jadepuffer-agentic-ai-ransomware.avif

TL;DR

Security firm Sysdig says it documented the first fully agentic ransomware attack, dubbed JadePuffer, in which an AI agent planned and executed an entire database-extortion operation with no human at the keyboard. The agent exploited a Langflow flaw, moved laterally, encrypted 1,342 config items, and diagnosed a failed login in 31 seconds, but never saved the decryption key, making recovery impossible.

Security firm Sysdig says it has documented the first ransomware attack run end to end by an AI agent, first reported by Business Insider. A large language model planned, executed, and adapted the entire operation, which Sysdig has named JadePuffer.

The agent chained together every stage of the attack, from reconnaissance and credential theft to lateral movement and data encryption. It did so with no human directing the keyboard, according to the company’s threat research team.

The intrusion began by exploiting a known Langflow remote-code-execution flaw...

Copyright of this story solely belongs to thenextweb.com. To see the full text click HERE