Meet JadePuffer: The First Fully Agentic AI Ransomware

Cloud security firm Sysdig has released details on what it claims to be the world’s first ransomware campaign, completely driven by agentic AI, dubbed JadePuffer. The attackers exploited CVE-2025-3248 in an internet-facing Langflow (low-code AI builder tool for agentic applications) instance, allowing the AI agent to autonomously perform reconnaissance, steal credentials, move laterally, and establish persistence without human intervention.

According to Sysdig, the LLM adapted to failures in real time, even correcting unsuccessful login attempts within 31 seconds. The campaign harvested cloud, database and object-storage credentials before compromising a production Alibaba Nacos server and attempting to exploit CVE-2021-29441. Instead of focusing on extortion through recoverable encryption, JadePuffer encrypted all 1,342 Nacos configuration items and deleted the originals, making recovery effectively impossible. Sysdig found that the encryption key was randomly generated, displayed only briefly, and never stored or transmitted, meaning victims could not recover their data even if they paid a ransom. The researchers concluded that the campaign demonstrates how AI agents can autonomously execute complex, adaptive, multi-stage cyberattacks with little or no direct human involvement.

Read more about it here.

Leave a Reply

Your email address will not be published. Required fields are marked *