Advertisement
X

AI Agent Pulls Off Full Ransomware Attack Without Human Help, Researchers Say

Cloud security firm Sysdig said the AI agent independently breached a vulnerable server, adapted to failed exploits, moved across the network and destroyed a database without any human intervention

AI Agent Pulls Off Full Ransomware Attack Without Human Help, Researchers Say
Summary
  • Sysdig documented what it described as the first AI agent to autonomously execute an end-to-end ransomware attack.

  • The AI adapted to failed exploits in real time, rewriting code and regaining access without human assistance.

  • Researchers warned AI is sharply reducing the cost and technical expertise needed to launch ransomware attacks.

Advertisement

Sysdig, a cloud security company has documented its first recorded case of an AI agent single-handedly carrying out an entire ransomware attack running end-to-end without human involvement at any stage raising fresh concerns about the speed at which AI is lowering the skill brink for cybercrime.

The company named the ransomware, "JADEPUFFER".

The threat secured initial access through a critical vulnerability in an internet-facing Langflow server CVE-2025-3248 which allowed it to execute arbitrary Python code remotely. Starting there, it gathered information about the host, scanned for cloud credentials, extracted cloud secrets and moved across the victim's internal network for additional systems.

Every step was executed autonomously by a large language model (LLM).

The Threat is Alarming

JADEPUFFER is different from automated malware scripts because of its ability to reason about failures.

When the agent was blocked from accessing a backdoor administrator account on the target server, it diagnosed the issue, wrote a new code, recreated the account using a different password, and successfully logged back in.

Advertisement

The most surprising thing is that everything happened in just 31 seconds.

The Researchers observed the same adaptive behavior throughout the attack. When one exploitation technique failed, the AI changed its approach rather than repeating the same command, establishing its capability of analysing failures and strategising accordingly.

"The most precise evidence of autonomy is not what the LLM did when things worked, but what it did when things failed, and how fast," Sysdig's researchers wrote.

One significant detail the researchers flagged was the attack scripts contained detailed natural language comments explaining why each step was being taken.

That pattern is typical with code written by large language models and uncommon in malware programmed by humans.

The Zero "Cost" of Security

According to the researchers, none of the individual techniques were sophisticated or novel.

"What is notable, however is that an AI model strung them together into a complete ransomware operation against neglected internet-facing infrastructure," they wrote.

Advertisement

Subsequently, the most concerning factor is the cost implication of the threat.

"JADEPUFFER is a warning sign. It is a marker of where extortion tradecraft is heading. An autonomous agent reasoned about its targets, harvested and reused credentials, moved laterally, established persistence, and destroyed a database, narrating its own intent the entire way," the researchers wrote.

"The skill floor for running ransomware has dropped to whatever it costs to run an agent, and if that agent is running on stolen credentials through LLMjacking, the cost to an attacker is close to zero," they added.