First reported by bsky
Sysdig documents first known LLM-driven agentic ransomware attack
Inside JADEPUFFER: Defending Against the First Agentic Ransomware
By
[email protected] (Umut Bayram)
21h agoen
Source
picussecurity.comInside JADEPUFFER: Defending Against the First Agentic Ransomwarepicussecurity.comKey Takeaways JADEPUFFER is the first documented agentic ransomware, run end to end by an LLM with no human operator. Initial access came from exploiting CVE-2025-3248 , a missing-authentication flaw in an internet-facing Langflow instance. The agent pivoted to a production server, then encrypted and destroyed a MySQL database and Nacos configuration service . The agent diagnosed and fixed a failed login at machine speed, moving from error to correction in 31 seconds . Defenders should shrink internet-facing surfaces, add behavioral detection, and hunt for AI integration artifacts like embedded API keys. Ransomware has always had a human somewhere in the loop, either at the keyboard or writing the script that runs the attack. JADEPUFFER breaks that pattern. It is the first documented case of agentic ransomware, a complete extortion operation driven end to end by a large language model (LLM) with no human operator diagnosing errors or deciding the next move.
You might also wanna read
Sysdig reveals JadePuffer: first fully LLM-driven agentic ransomware campaign
Sysdig's Threat Research Team has identified JadePuffer, what they claim is the first fully agentic ransomware campaign driven entirely by a

JadePuffer: The First Complete LLM-Driven Ransomware Attack
BackBox.org·1d ago
Sysdig documents first known LLM-driven agentic ransomware attack
Sysdig threat hunters documented what they claim is the first-ever agentic ransomware attack driven entirely by an LLM (AI), not a human. Th
Why this fully agentic ransomware attack is giving researchers nightmares
zdnet.com·20h ago

JadePuffer ransomware used AI agent to automate entire attack
bleepingcomputer.com·3d ago

JadePuffer ransomware used AI agent to automate entire attack
BleepingComputer·3d ago

AI Agent Executes 'First' End-To-End Ransomware Attack
Slashdot·5d ago

Comments
Sign in to join the conversation.
No comments yet. Be the first.