AI Agent Executes End-to-End Ransomware Attack

Researchers at Sysdig have documented what they describe as the first observed end-to-end ransomware operation carried out autonomously by an AI agent, dubbed JadePuffer. The agent exploited a known vulnerability in Langflow (CVE-2025-3248), harvested credentials, moved laterally across the network, established persistence, and encrypted more than 1,300 database records before demanding a Bitcoin ransom. According to the researchers, the AI demonstrated adaptive decision-making by diagnosing failed actions and generating corrected payloads without human intervention, highlighting a new level of automation in cyberattacks. While experts view the campaign as an evolution of existing attack techniques rather than a fundamentally new threat, they warn that autonomous AI agents could significantly accelerate ransomware operations and reinforce the need for behavior-based detection and response.

Reference: csoonline.com