securityonline.info 7/10/2026, 8:41:42 AM · external

JADEPUFFER Marks the First AI-Driven Agentic Ransomware Attack

JADEPUFFER Marks the First AI-Driven Agentic Ransomware Attack
Developing story malware 6 articles tracked
AI‑driven JadePuffer ransomware exploits Langflow flaw (CVE-2025-3248)
CyberSIXT Evidence Panel
Primary Source webflow.sysdig.com
CISA KEV Listed in KEV
Patch Patch Available

THE article discusses the JADEPUFFER ransomware, identified as the first agentic ransomware operation, executed entirely by an AI agent without human intervention. The threat, assessed by Sysdig, targeted a production MySQL and Alibaba Nacos server, encrypting 1,342 configuration items. The attack initiated through an unauthenticated RCE vulnerability in Langflow (CVE-2025-3248), which allowed the AI to map systems and steal credentials.

The ransomware operates in two stages: first, gathering sensitive information and then exploiting database vulnerabilities to execute its payload. Key defenses recommended include patching vulnerabilities, securing credentials, and using runtime threat detection to prevent similar attacks.

View Primary Source Via securityonline.info

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline