www.darkreading.com 7/6/2026, 5:41:15 PM · external

LLM Driven Ransomware Automates Attack via Langflow CVE-2025-3248

LLM Driven Ransomware Automates Attack via Langflow CVE-2025-3248
Developing story malware 5 articles tracked
AI‑driven JadePuffer ransomware exploits Langflow flaw (CVE-2025-3248)
CyberSIXT Evidence Panel
Primary Source nvd.nist.gov
CISA KEV Listed in KEV
Patch Patch Available

THE "JadePuffer" ransomware attack marks the first fully automated cyber extortion operation executed by a large language model (LLM) without human intervention. Researchers from Sysdig identified that JadePuffer exploited a vulnerability (CVE-2025-3248) in an Internet-facing Langflow deployment, subsequently compromising a production database server. The operation involved data exfiltration and the deletion of database content, culminating in an extortion message.

While the techniques used in the attack were not new, it showcased the remarkable ability of the AI model to autonomously adapt its approach in real time. Experts predict that as AI capabilities mature, ransomware attacks driven by AI will increase, necessitating heightened defensive measures and continuous monitoring for organizations.

View Primary Source Via www.darkreading.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline