Skip to content

An AI Agent Ran a Ransomware Attack on Its Own

Johannes Keienburg Johannes Keienburg , CEO & Founder
Published July 8, 2026
Copied

For the first time, researchers have documented an AI agent running a full ransomware attack by itself. In July 2026, the security firm Sysdig published the case and named it JadePuffer. The agent got in through Langflow, an open-source framework for building AI agents. It exploited a flaw (CVE-2025-3248) that let it run code without logging in.

1One Agent Did the Whole Attack

A ransomware attack normally takes a team of people. This time one AI agent did all of it.

An autonomous agent reasoned about its targets, harvested and reused credentials, moved laterally, established persistence, and destroyed a database, narrating its own intent the entire way.

Sysdig Threat Research Team

It even fixed its own mistakes. When a login failed, the agent found the problem and had a working fix in 31 seconds. It locked 1,342 records in the company's database. The agent made the key that could unlock them and threw it away. Now the data is gone for good, even if the ransom is paid.

2Now It Costs Almost Nothing to Run

What should worry defenders most is the cost.

The skill floor for running ransomware has dropped to whatever it costs to run an agent, and if that agent is running on stolen credentials through LLMjacking, the cost to an attacker is close to zero.

Sysdig Threat Research Team

The agent used stolen credentials to move from one system to the next. Nothing checked whether it was allowed to. That is how one exposed server turned into a full breach.

Source: Sysdig Threat Research Team, "JADEPUFFER: Agentic ransomware for automated database extortion", July 2026.