Sysdig's Threat Research Team revealed the first documented end-to-end AI-driven ransomware operation, named JADEPUFFER. The operation exploited a vulnerability in Langflow (CVE-2025-3248) to carry out a fully automated attack without human intervention, covering credential theft, lateral movement, and data encryption. JADEPUFFER used adaptive methods to exploit vulnerabilities in a MySQL database and a Nacos configuration service, and showed remarkable capability through self-correcting tactics.
The report emphasizes the significant threat posed by AI in cybersecurity, indicating that skilled human oversight may no longer be necessary for complex ransomware operations.