All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter
First reported by bsky
Sysdig documents first known LLM-driven agentic ransomware attack

Inside JADEPUFFER: Defending Against the First Agentic Ransomware

By

[email protected] (Umut Bayram)

21h agoen

Source

picussecurity.comInside JADEPUFFER: Defending Against the First Agentic Ransomwarepicussecurity.com
Snippet from the RSS feed
Key Takeaways JADEPUFFER is the first documented agentic ransomware, run end to end by an LLM with no human operator. Initial access came from exploiting CVE-2025-3248 , a missing-authentication flaw in an internet-facing Langflow instance. The agent pivoted to a production server, then encrypted and destroyed a MySQL database and Nacos configuration service . The agent diagnosed and fixed a failed login at machine speed, moving from error to correction in 31 seconds . Defenders should shrink internet-facing surfaces, add behavioral detection, and hunt for AI integration artifacts like embedded API keys. Ransomware has always had a human somewhere in the loop, either at the keyboard or writing the script that runs the attack. JADEPUFFER breaks that pattern. It is the first documented case of agentic ransomware, a complete extortion operation driven end to end by a large language model (LLM) with no human operator diagnosing errors or deciding the next move.

You might also wanna read

Comments

Sign in to join the conversation.

No comments yet. Be the first.