Most popular now

For the First Time, an AI Agent Independently Deployed Ransomware

AI created and spread virus
Штучний інтелект спромігся самостійно запустити програму-вимагача. Photo: НВ — Техно

The JadePuffer Incident

According to НВ — Техно: On July 7, 2026, at 4:00 PM, TechCrunch reported the first known case of an autonomous AI agent being used to carry out a ransomware attack. Dubbed JadePuffer, the operation raised alarms due to the agent's speed and its potential for scaling. Although the attack was not fully automated, experts at Sysdig noted that a human selected the target, configured the command-and-control servers, and stored the stolen data, while the AI independently executed the technical aspects of the breach.

Michael Clark, Director of Cyber Threat Research at Sysdig, stated that the agent did not steal new data but instead leveraged credentials that had already been compromised. During the attack, the agent exploited a vulnerability in the open-source tool Langflow to infiltrate a MySQL server, where it gained administrator privileges and encrypted over 1,300 configuration records. It then left a ransom note along with a Bitcoin wallet address. Sysdig has not disclosed the identity of the victim.

Attack Speed and Emerging Threats

After an initial failed login attempt, the agent found a workaround in just 31 seconds. Among the stolen data, access keys to OpenAI, Anthropic, DeepSeek, and Gemini services were discovered, though this does not mean those models controlled the attack. Sysdig was unable to determine which specific model powered JadePuffer, and researchers remain unaware of the agent's initial settings or system prompts. Microsoft researcher Jeff McDonald suggested that the attack may have been driven by an open-weight model with safety mechanisms disabled. However, Sysdig's data neither confirms nor refutes this hypothesis.

McDonald also warned that such agents could enable thousands of simultaneous attacks. Even so, humans would still need to choose targets, set up infrastructure, and ensure initial access.

“What stood out most was not the complexity of the methods, but the speed of the agent,” noted Sysdig researchers.

The situation remains challenging, said Volodymyr Zelenskyy.

The JadePuffer case highlights the new cybersecurity challenges posed by autonomous AI agents. While the attack was not fully automated, the AI's speed could significantly boost the efficiency of cyberattacks. This may lead to new standards for protecting information systems, requiring companies to strengthen security measures and rethink their approaches to cyber defense. In light of this, it is crucial to examine potential vulnerabilities in systems that malicious actors could exploit to launch similar attacks in the future.

The emergence of autonomous AI agents like JadePuffer highlights a growing trend in cyber threats, where even novice hackers can leverage advanced technologies for malicious purposes. This development raises significant concerns about the accessibility of hacking tools and the implications for cybersecurity. To explore how AI is transforming the landscape of cybercrime and empowering beginners to become hackers, read more in our article on the new level of cyber threats.

Read also

Advertisement