Sysdig documents first known LLM-driven agentic ransomware attack
By Jessica Lyons
Summary
Sysdig threat hunters documented what they claim is the first-ever agentic ransomware attack driven entirely by an LLM rather than a human. The AI agent, named JadePuffer, gained initial access by exploiting CVE-2025-3248 in an internet-facing Langflow instance, then autonomously compromised a production database server and destroyed data. The article warns that paying the ransom is unlikely to result in data recovery, since the AI-driven attack may not have any mechanism to restore encrypted files.
Key quotes
Sysdig threat hunters documented what they say is the first-ever documented agentic ransomware infection with an LLM - not a human - driving the entire extortion operation
The security shop's research team named the agentic intruder JadePuffer and said it gained initial access to an internet-facing Langflow instance by exploiting CVE-2025-3248
Don't count on the LLM to return your data - even if you pay up