04
An AI agent ran a full ransomware attack on its own
breakthroughDeveloperLegal
Tuesday, July 7, 2026
Confidence
High · — vendor primary + 3 corroborating
Evidence
Sysdig threat report + TechCrunch reporting with on-record clarification + trade corroboration
Sysdig documented an extortion campaign, dubbed JadePuffer, where an LLM agent — not a human — executed the entire technical middle of a ransomware attack.
- Sysdig said an agent broke into a server, stole credentials, moved laterally, encrypted files, and wrote its own ransom note, adapting to obstacles as it went.
- A human still chose the victim and provisioned the infrastructure; everything downstream of that ran itself.
- It exploited CVE-2025-3248, an unauthenticated RCE in Langflow, and in one sequence went from a failed login to a working fix in 31 seconds.
Sources