Guozhen AIGlobal AI field notes and model intelligence

Realtime AI News

Sysdig Uncovers First Fully AI-Agent-Driven Ransomware Attack: JADEPUFFER

Sysdig has documented the first known ransomware campaign driven end-to-end by an AI agent's own decision-making. The JadePuffer operation executed over 600 distinct payloads autonomously, with the AI redeploying a corrected payload just 31 seconds after hitting an error.

Published

Cloud security firm Sysdig published a report on July 6 detailing the first fully AI-agent-driven ransomware attack it has tracked, codenamed JADEPUFFER. The finding marks a new phase in cyberattacks where AI no longer merely assists but directly drives the decision-making and execution of the kill chain.

According to Michael Clark, Senior Director of Threat Research at Sysdig, this was not a simple AI-assisted scripted attack but one driven end-to-end by the large language model's own decision-making. The attacker gained initial access by exploiting a Langflow vulnerability (CVE-2025-3248) before targeting a production server running MySQL and Alibaba Nacos.

Sysdig observed the AI agent executing more than 600 distinct, purposeful payloads throughout the operation. The payloads narrated their objectives in plain language and identified high-value databases automatically — details Clark said that LLMs annotate by default. More striking: when a payload encountered an error on first execution, the AI agent diagnosed the issue, switched its approach from subprocess calls to direct library imports, and redeployed the corrected payload within 31 seconds.

"We have seen attackers script attacks for years, and we have seen AI speed up individual steps of attack chains," Clark told CyberScoop. However, this attack was "driven end-to-end by the model's own decision-making, rather than a human at the keyboard." The 31-second failure-to-fix cycle, he noted, is "the clearest example of where agentic AI gave the attacker an advantage."

The investigation also found that multiple AI models were used — the agent accessed keys for OpenAI, Anthropic, DeepSeek, and Gemini as it gathered information on the victim's systems. While the AI played a central role, a human attacker was still involved at critical junctures.

The practical impact is significant: what previously required skilled security personnel hours to accomplish — lateral movement, exploitation, payload tuning — can now be compressed to minutes or even seconds by an AI agent. As Clark summarized: "The model closed loops that used to require a skilled human."

JADEPUFFER represents a major milestone in the weaponization of AI for cybercrime. The security community now faces a fundamental question: when attack speed drops from hours to seconds, can signature-based detection and manual incident response keep pace?

Why it matters

AI-agent-driven ransomware compresses attack timelines from hours to seconds, fundamentally challenging traditional security detection and manual response workflows.

SysdigRansomwareAI AgentSecurity
Back to realtime news

Nearby Updates

All