Dangerous Precedent: AI Agent Executes Full Ransomware Attack Without Human Intervention
Cybersecurity researchers at Sysdig have reported what may be the first fully autonomous AI agent ransomware attack, named JadePuffer, which exploited known vulnerabilities and adapted to obstacles without human intervention, signaling a new era in cyberattacks.
Cybersecurity researchers have uncovered what may be the first ransomware attack carried out almost entirely by an AI agent without continuous human intervention, a development that could represent a turning point in future cyberattack methods.
According to cloud security company Sysdig, researchers detected an attack they named JadePuffer, believed to have used an agent powered by a large language model (LLM) to autonomously execute most stages of the attack, from system infiltration to data encryption and ransom demand.
Researchers believe that if these findings are confirmed, AI is no longer limited to writing malicious code but can now plan attacks, adapt to obstacles, and execute them in real time, according to a report published by Digital Trends and seen by Al Arabiya Business.
Exploited a Known Vulnerability Then Moved Autonomously
According to Sysdig's report, the attack began by exploiting the security vulnerability CVE-2025-3248, a remote code execution flaw in the open-source Langflow platform used for developing AI model-based applications.
This vulnerability had been patched in April 2025, before the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added it to its list of flaws actively exploited in cyberattacks.
After breaching the system, the AI agent executed a full chain of operations typically performed by professional hackers, including gathering information about targeted devices, searching for login credentials and sensitive files, extracting cloud service credentials, analyzing storage resources, and then moving laterally to other systems within the victim's infrastructure.
Adapted to Errors Without Human Intervention
Notable in the attack was not just the automation of processes, but the system's ability to adapt to problems during execution.
Researchers explained that during one phase, the AI agent encountered an unexpected XML-formatted response when communicating with a MinIO data store, but it did not stop; instead, it automatically adjusted its data parsing mechanism and then re-executed the task using a different method until it succeeded.
Researchers also observed a failed login attempt that the system automatically corrected within just 31 seconds, without any human intervention.
Data Encryption and Bitcoin Ransom Demand
After establishing persistence within the network by creating scheduled tasks (Cron Jobs), the AI agent moved to a production server running the Alibaba Nacos platform, where it exploited vulnerability CVE-2021-29441 to create fake admin accounts.
In the final stage, it encrypted 1,342 records of Nacos platform configurations, then deleted the original data and replaced it with a message demanding a ransom in Bitcoin.
Indicators Reveal AI's Role
Researchers noted several indicators supporting the hypothesis that the attack was AI-generated, including comments within the code that explained in detail the reasons for each step in natural language—unusual for traditional malware.
The ransom note also contained a Bitcoin wallet address typically used as an example in educational documentation, not a real address for receiving funds. Additionally, the software claimed to use AES-256 encryption, but analyses indicate it likely used AES-128 in ECB mode.
New Phase of Cyberattacks
These findings come at a time when cybersecurity experts are warning about the rise of so-called Agentic AI—systems that do not just respond to commands but can plan, make decisions, and execute complex tasks independently.
Although JadePuffer did not invent new hacking techniques and relied on previously known vulnerabilities, its ability to execute reconnaissance, privilege escalation, persistence, and ransomware deployment without human intervention marks a significant evolution in offensive AI capabilities.
Sysdig believes this incident signals the emergence of what could be described as 'AI agent-based attackers,' which may lower the level of technical expertise required to carry out sophisticated cyberattacks.
On the other hand, researchers point out that AI-generated attacks may leave distinctive behavioral patterns and software characteristics, which could help cybersecurity teams develop new methods to detect and counter them.
The report concludes by emphasizing that updating systems, patching vulnerabilities, and securing cloud credentials will remain critical protective measures, even as AI enters a new phase of cyberattacks.
Sponsored content
Sponsored content
Original source: Al Arabiya
Comments (0)
Be the first to comment.