Cyber Security Published on July 7, 2026
JadePuffer: first fully AI-agent-driven ransomware attack
Sysdig has published details of JadePuffer, a ransomware operation that researchers believe is the first to be fully orchestrated by an AI agent rather than human operators at each step.
The attack chain began with exploitation of Langflow CVE-2025-3248 to gain initial access. From there, the autonomous agent pivoted to Nacos, enumerated configuration records, and encrypted 1,342 records without manual intervention.
The incident demonstrates how large language model agents can compress reconnaissance, exploitation, lateral movement, and impact phases into a single automated workflow. It raises urgent questions about detection, attribution, and containment strategies for agentic threats.
Source: Sysdig / BleepingComputer