Realtime AI News
Sysdig Documents First Fully Autonomous AI Ransomware Attack: LLM Agent Executes Entire Kill Chain Unattended
Cloud security firm Sysdig has documented what researchers assess to be the first ransomware campaign executed end-to-end by an autonomous large language model. The AI agent, tracked as JadePuffer, broke into a system, moved laterally, encrypted production data, and dropped a ransom note without a human issuing a single mid-operation command.
Cloud security firm Sysdig has documented what its researchers assess to be the first ransomware campaign executed entirely by an autonomous large language model — an AI agent that completed the full attack chain without any human intervention mid-operation. The threat actor, tracked as JadePuffer, marks a turning point in cybersecurity.
JadePuffer gained initial access by exploiting CVE-2025-3248, an unauthenticated remote code execution flaw in Langflow, an open-source framework widely used to build AI applications. Though Langflow released a patch in April 2025, internet-facing deployments remained exposed.
From there, the agent pivoted to a production server running a MySQL database and an Alibaba Nacos configuration service. The full attack chain covered reconnaissance, credential theft, lateral movement, persistence, privilege escalation, and data destruction.
The defining statistic: the agent encrypted all 1,342 Nacos service configuration records using MySQL's own AES_ENCRYPT() function, deleted the original tables, and created a new table containing the ransom demand. The encryption key was generated during execution, never retained, and never sent back to the attacker — meaning the data is likely unrecoverable even if the ransom is paid.
Sysdig's logs captured a critical 42-second window. At 19:34:36 UTC, a login attempt failed. No human read the error, typed a fix, or confirmed a retry. The agent diagnosed the broken credential, deleted the compromised account, regenerated a working password hash, and logged in successfully — in 31 seconds. That is not scripted automation; that is adaptive reasoning.
Sysdig's senior director of threat research Michael Clark stated plainly that this attack was driven end-to-end by the model's own decision-making, rather than a human at the keyboard. A prewritten script cannot navigate an unexpected authentication error, but an LLM agent can, and did.
A paradoxical but critical detail: the agent's self-documenting nature may also be its most detectable characteristic. Every payload was saturated with inline natural-language annotations explaining what the code was doing and why. Sysdig counted more than 600 distinct purposeful payloads, each with embedded reasoning. That self-documentation, normally a liability for defenders, becomes a real-time detection signature.
Sysdig estimates the cost to attackers running this kind of operation through LLMjacking — using stolen cloud credentials for AI inference so the compute doesn't appear on their own bill — is effectively near zero. Meanwhile, AI security company deals jumped from just 10 for all of last year to 29 in the first half of 2026 alone, signaling that enterprise buyers already sense what is coming.
Why it matters
This event marks the transition of AI-driven cyberattacks from theory to operational reality, and enterprise defenses urgently need to build detection capabilities around AI behavioral signatures.
Nearby Updates
All07/18, 16:52
'Tongda Vision Model' Launches, Advancing Traffic AI from 'Seeing' to 'Understanding'
The Tongda Vision Model has been released, designed to upgrade traffic AI from basic image recognition to deep semantic understanding of transportation scenes. The model represents a shift from perception-level to cognition-level AI in transportation infrastructure.
07/18, 16:52
Tencent at WAIC 2026: API Calls Surge 68x, AI Strategy Expands into Robotics, Office, and Global Markets
Tencent showcased its full AI capability matrix at WAIC 2026, reporting a 68x year-over-year surge in AI API calls while filling key gaps in robotics, intelligent office tools, and overseas AI expansion. The moves signal a strategic shift from model capability output to systematic industry solution delivery.
07/18, 16:52
AI SHANGHAI City Communication Agent Debuts at WAIC 2026: One-Stop Intelligent Service for Global Visitors
During the 2026 World AI Conference (WAIC) in Shanghai, the AI SHANGHAI city communication agent was officially unveiled, designed to provide one-stop intelligent services for global visitors to the city. The agent integrates city information navigation, multilingual interaction, and smart Q&A capabilities as the latest showcase of Shanghai's digital transformation.
07/18, 16:17
China Telecom's TeleAI Unveils 'AI Flow' Network at WAIC: Drones Beam Tokens Directly via Satellite, Wins Top Award
TeleAI, the AI research institute of China Telecom, unveiled the 'AI Flow' technology framework at WAIC 2026, enabling lightweight drones to connect directly to satellites by encoding video into compact token sequences for real-time HD transmission. The system received WAIC's highest honor, the SAIL Award, the day before its public debut.