03 Jul 2026, 16:59
Sysdig describes how an AI-automated agent ransomware attack was carried out
- Sysdig provided details about the first documented ransomware attack carried out by an AI agent without using any known encryption keys.
- JADEPUFFER, based on its developers’ findings, used Langflow to generate blocks of data that, by triggering a series of actions, encrypted a victim’s production database and mined Bitcoin.
- The material states that the agent was able to generate an encrypted file without being able to provide the encryption key.
Sysdig researchers provided details about the first documented ransomware attack in which the agent carried out the attack chain through automated execution, without using any known encryption keys. The material also notes that the agent used JADEPUFFER.
According to Sysdig, JADEPUFFER was able to access a vulnerable server, find the database blocks for incoming traffic, and then, using a series of actions, encrypt the victim’s production database while mining Bitcoin.
The researchers also explain that the attack was carried out through Langflow, an open-source toolkit for building AI-based agents. The material says that the agent exploited CVE-2025-3248, but that at that moment “it was not clear” what exactly the problem was.
After gaining access, the agent, according to Sysdig, created secrets on the host, which contained the AI agent’s credentials, and then, using a script, used them to steal the secrets from the system. The researchers also note that the agent managed to obtain a root shell without being able to provide the encryption key. At the same time, Sysdig states that it was unable to determine how the agent obtained the root shell.
Sysdig also explains how JADEPUFFER’s internal configuration settings were used to access the host, after which the agent encrypted the victim’s production database while mining Bitcoin. The material also notes that the agent generated an encrypted file, and then, according to Sysdig, it managed to open a root shell on the host without being able to provide the encryption key.
In a statement to The Next Web, published with a Sysdig report, it is noted that the agent was able to upload the attack chain without using the encryption keys. It is also noted that Sysdig managed to observe more than 600 unique command lines.
Tags: Crime/Technology/AI