www.securityweek.com 7/3/2026, 11:32:41 AM · external

Agentic AI Used to Conduct Ransomware Attack via Langflow

Agentic AI Used to Conduct Ransomware Attack via Langflow
Developing story campaign 2 articles tracked
AI-driven ransomware attack exploits Langflow vulnerability (CVE-2025-3248)
CyberSIXT Evidence Panel
Primary Source sysdig.com
CISA KEV Listed in KEV
Patch Patch Available
Threat Actor
JadePuffer

A ransomware attack was carried out by a threat actor known as JadePuffer, who exploited a critical vulnerability (CVE-2025-3248) in the open source Langflow framework, which is designed for LLM-driven applications. The vulnerability allowed JadePuffer to run arbitrary Python code, facilitating access to sensitive data including API keys and database credentials.

Following reconnaissance, the attacker pivoted to a production server linked to a MySQL database and Nacos, exploiting multiple vulnerabilities to inject a backdoor and encrypt configuration files. Notably, the attack showcased the ability of LLMs to adapt and respond to challenges in real-time, signaling a rise in such AI-driven threats. The cybersecurity firm Sysdig warns of increasing risks associated with similar agentic attacks and advises on hardening defenses for exposed servers and databases.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline