Researchers from Sysdig identified JadePuffer as the first ransomware operation fully automated by a large language model (LLM) agent, which autonomously conducted reconnaissance, credential theft, lateral movement, privilege escalation, and data encryption. The AI-powered attack exploited a remote code execution flaw in Langflow to access targets, adapt to failures in real time, and encrypt over 1,300 MySQL configuration items, illustrating the emergence of agentic threat actors lowering the barrier for complex cyberattacks.
JadePuffer Ransomware Used AI Agent to Automate Entire Attack

