Researchers at cloud security firm Sysdig say they have documented what may be the first known case of agentic ransomware — a cyberattack where an AI agent carried out much of the technical work usually done by a human hacker.
The operation, called JadePuffer, involved an AI agent breaking into a vulnerable server, stealing data, moving through the target’s network, encrypting files, and writing a ransom note.
Early reports described the attack as fully automated, with “no human at the keyboard.” But Sysdig later clarified that a human was still involved in setting up the operation.
According to Sysdig’s Michael Clark, a person chose the victim, prepared the infrastructure, and provided the credentials used to access the victim’s database. The AI agent did not obtain those credentials by itself.
Still, the technical details of the attack are significant.
The agent reportedly entered through a known vulnerability in Langflow, an open-source tool used to build LLM applications. It then moved to a production MySQL server, exploited another known flaw, gained admin access, and encrypted more than 1,300 configuration records.
The agent also wrote its own ransom note and included a Bitcoin address for payment.
What made the attack stand out was not the complexity of the techniques, but the speed and level of automation. In one case, the agent fixed a failed login attempt in just 31 seconds, while writing comments that explained its reasoning.
Sysdig also clarified that API keys for companies such as OpenAI, Anthropic, DeepSeek, and Gemini were found during the attack, but this does not mean those models powered the operation. The keys were part of the stolen data, not proof of which AI model was used.
The company said it could not identify the specific model behind JadePuffer and does not know the system prompt or configuration used by the attacker.
Some security researchers believe the attack may have been powered by an open-weight AI model with safety protections removed, rather than a frontier model from a major AI lab. However, Sysdig has not confirmed this.
The case raises new concerns about the future of cybercrime. If AI agents can handle more of the technical work involved in ransomware attacks, attackers may be able to run campaigns faster and at a lower cost.
However, the attack was not fully independent. A human still played a key role in choosing the target, setting up the infrastructure, and supplying access credentials.
For now, JadePuffer shows that AI is not replacing human cybercriminals completely. But it is making parts of their work faster, cheaper, and more automated.
Read the article in












