Cybersecurity researchers at Sysdig have identified what appears to be the first known case of agentic ransomware, where an AI agent carried out the technical steps of an extortion campaign. The system, called JadePuffer, moved through a vulnerable server, accessed credentials, spread across the network, encrypted files, and generated its own ransom note.
Sysdig later clarified an important detail: a human was still involved in planning the operation. According to the company's threat research team, a person selected the target, prepared the infrastructure, and supplied the credentials used to enter the victim environment. The AI handled execution, but the broader campaign was not entirely autonomous.
The attack began with a known flaw in Langflow, an open-source platform for building LLM applications. From there, the agent reached a production MySQL server, used another vulnerability to gain admin access, and encrypted more than 1,300 configuration records. It also left behind a Bitcoin address for payment and adapted quickly when a login attempt failed, resolving the issue in just 31 seconds.
Sysdig said the agent also searched the compromised host for valuable data such as API keys, cloud credentials, wallets, and database settings. While earlier reporting suggested multiple AI models may have been involved, the company later explained that the stolen keys were part of the loot, not proof of which model made the decisions.
The specific model behind JadePuffer remains unidentified, and the case has renewed interest in how quickly AI systems can accelerate cyber operations when paired with human planning. As these tools become more accessible, the future of digital security may increasingly depend on how well defenses can match machine-speed threats.