Loading Now

New AI agent can hack systems and deploy ransomware without human help

New AI agent can hack systems and deploy ransomware without human help

New AI agent can hack systems and deploy ransomware without human help


Ransomware attacks have plagued the internet for decades, with a human planning the attack, writing the code, launching the attack and negotiating the ransom. However, a new report suggests that AI agents may now be capable of carrying out an entire ransomware attack on their own.

As per a report by cloud security company Sysdig, it has documented the first-ever documented case of agentic ransomware where the complete attack was run end-to-end by a large language model (LLM).

“JADEPUFFER is a warning sign. It’s a marker of where extortion tradecraft is heading. An autonomous agent reasoned about its targets, harvested and reused credentials, moved laterally, established persistence, and destroyed a database, narrating its own intent the entire way,” researchers warned in a blog post.

How did the attack work?

The AI-powered threat actor, dubbed JADEPUFFER, was able to gain access to an internet-facing Langflow server through the critical vulnerability CVE-2025-3248, which attackers used to execute arbitrary Python code remotely.

After getting inside the system, the AI agent reportedly started gathering information about the host, scanning for cloud credentials, extracting cloud secrets, while scanning the victim’s internal network for additional systems.

However, the most striking part of the ransomware was its ability to reason through a problem when it hit a wall.

“The most precise evidence of autonomy is not what the LLM did when things worked, but what it did when things failed, and how fast,” the researchers wrote.

In one instance, when the AI failed to gain access to a backdoor administrator account on the target server, it diagnosed the issue, generated new code, recreated the account using a different password and successfully logged in, all within 31 seconds.

The researchers say they observed similar behaviour throughout the attack. When an exploitation technique failed, the AI modified its approach instead of repeating the same commands, suggesting that it is capable of analysing failures and adjusting its strategy on the go.

Sysdig also noted that many of the attack scripts contained detailed natural-language comments explaining why each step was being performed, something the researchers say is typical of code generated by large language models but uncommon in malware written by humans.

The researchers argue that AI agents could make sophisticated cyberattacks accessible to less-skilled threat actors while also dramatically increasing the speed at which known vulnerabilities can be exploited.

“None of the individual techniques were novel or sophisticated. What is notable, however, is that an AI model strung them together into a complete ransomware operation against neglected internet-facing infrastructure,” the researchers wrote.

“The skill floor for running ransomware has dropped to whatever it costs to run an agent, and if that agent is running on stolen credentials through LLMjacking, the cost to an attacker is close to zero,” they added.

Post Comment