Sysdig Documents First Agentic Ransomware 'JadePuffer'

Get the Tech newsletter
Daily tech — startups, AI labs, chips, the launches that shape the next decade. Free.
- Sysdig's Threat Research Team documented what they assess to be the first-ever agentic ransomware operation, dubbed "JadePuffer," in which an AI agent ran a fully autonomous end-to-end extortion campaign that adapted in real time and retried steps on its own
- The operator exploited CVE-2025-3248, an unauthenticated RCE in internet-facing Langflow servers running versions prior to 1.3, as its initial entry point before escalating to credential theft and database ransomware deployment
- Once inside, the AI agent handled lateral movement, harvested credentials, and deployed ransomware on production databases — work that Sysdig said was completed without a human operator steering it
- Per Cyber Security News coverage, the campaign used Base64-encoded Python payloads to exfiltrate cloud and API keys from compromised environments
- More than a dozen outlets — including The Register, CSO, SecurityWeek, The Hacker News, The Independent, The Decoder and SC Media — converged on framing the incident as the first end-to-end ransomware attack automated by an AI agent
- LinkedIn post from Geoff McDonald called the attack "a very important GenAI cybersecurity threshold" crossed "for the world," while The Independent ran with an AI executing a cyber attack "without any human oversight for the first time"
Why it matters: A single unpatched Langflow server sitting open on the internet was all it took to hand an attacker a fully autonomous extortion operator — turning ransomware from tool-assisted into AI-orchestrated and compressing the time between breach and ransom demand to machine speed.




