Technologist Mag
  • Home
  • Tech News
  • AI
  • Apps
  • Gadgets
  • Gaming
  • Guides
  • Laptops
  • Mobiles
  • Wearables
  • More
    • Web Stories
    • Trending
    • Press Release

Subscribe to Updates

Get the latest tech news and updates directly to your inbox.

What's On
How Claude helped my 65-year-old dad finally ditch his handwritten ledgers

How Claude helped my 65-year-old dad finally ditch his handwritten ledgers

6 July 2026
AI agent reportedly carried out an entire ransomware attack on its own

AI agent reportedly carried out an entire ransomware attack on its own

6 July 2026
America’s 250th anniversary time capsule includes an iPhone 17 Pro Max

America’s 250th anniversary time capsule includes an iPhone 17 Pro Max

6 July 2026
Google executive ports Command & Conquer Generals: Zero Hour to iPhone and Mac using Claude

Google executive ports Command & Conquer Generals: Zero Hour to iPhone and Mac using Claude

5 July 2026
EV batteries are lasting much longer than the industry expected

EV batteries are lasting much longer than the industry expected

5 July 2026
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram
Technologist Mag
SUBSCRIBE
  • Home
  • Tech News
  • AI
  • Apps
  • Gadgets
  • Gaming
  • Guides
  • Laptops
  • Mobiles
  • Wearables
  • More
    • Web Stories
    • Trending
    • Press Release
Technologist Mag
Home » AI agent reportedly carried out an entire ransomware attack on its own
Tech News

AI agent reportedly carried out an entire ransomware attack on its own

By technologistmag.com6 July 20263 Mins Read
AI agent reportedly carried out an entire ransomware attack on its own
Share
Facebook Twitter Reddit Telegram Pinterest Email

Cybersecurity researchers say they have documented what could be the first ransomware attack carried out almost entirely by an autonomous AI agent, marking a significant shift in how cyberattacks could be conducted in the future. According to cloud security firm Sysdig, they have uncovered a ransomware operation dubbed JadePuffer that appears to have relied on a large language model (LLM) agent to perform nearly every stage of the attack without continuous human intervention.

If confirmed, the incident suggests AI is moving beyond writing malicious code and into actively planning, adapting, and executing cyberattacks in real time.

JadePuffer adapted to obstacles much like a human hacker

According to Sysdig’s findings, JadePuffer began by exploiting CVE-2025-3248, a remote code execution vulnerability in Langflow, an open-source framework used to build LLM-powered applications. The flaw, patched in April 2025, was later added to the US Cybersecurity and Infrastructure Security Agency’s (CISA) list of vulnerabilities known to be exploited in the wild.

Once inside the system, the AI agent reportedly carried out a full attack chain that security researchers typically associate with experienced human operators. It collected host information, searched for credentials and sensitive files, extracted cloud secrets, and mapped storage resources before moving laterally through the victim’s infrastructure.

What stood out wasn’t simply the automation – it was the adaptability.

According to the Sysdig report, the researchers observed the AI agent responding dynamically when certain commands failed. In one instance, the malware encountered an unexpected XML response while querying a MinIO object store. Instead of failing, the agent modified its parsing logic and retried using a different approach. Researchers also documented a failed login attempt that was automatically corrected within 31 seconds, without requiring human input.

The AI later established persistence by creating scheduled cron jobs before pivoting to a production server running Alibaba Nacos, where it exploited CVE-2021-29441 to create rogue administrator accounts. It eventually encrypted 1,342 Nacos configuration records, deleted the original data, and replaced it with a ransom note demanding payment in Bitcoin.

Interestingly, researchers found several signs suggesting the operation was AI-generated. The malicious code contained unusually detailed natural-language comments explaining its own reasoning, while the ransom note referenced a Bitcoin wallet commonly used as an example in documentation rather than a genuine payment address. Sysdig also believes the malware likely used AES-128 in ECB mode, despite claiming AES-256 encryption.

ransomware

The findings arrive as cybersecurity experts increasingly warn about the emergence of agentic AI, where AI systems can independently plan and execute complex tasks rather than simply responding to prompts. While JadePuffer still exploited known vulnerabilities rather than inventing new attack methods, the ability to autonomously perform reconnaissance, privilege escalation, persistence, and ransomware deployment represents a notable escalation in offensive AI capabilities.

Sysdig says the incident demonstrates that “agentic threat actors” have effectively arrived, potentially lowering the technical expertise required to launch sophisticated cyberattacks. At the same time, researchers note that AI-generated attacks may also leave distinct behavioural patterns and coding characteristics that defenders can use to build new detection techniques.

For organizations, the report serves as another reminder that patching internet-facing systems and securing cloud credentials remain essential – even as the attackers themselves begin to change.

Share. Facebook Twitter Pinterest LinkedIn Telegram Reddit Email
Previous ArticleAmerica’s 250th anniversary time capsule includes an iPhone 17 Pro Max
Next Article How Claude helped my 65-year-old dad finally ditch his handwritten ledgers

Related Articles

How Claude helped my 65-year-old dad finally ditch his handwritten ledgers

How Claude helped my 65-year-old dad finally ditch his handwritten ledgers

6 July 2026
America’s 250th anniversary time capsule includes an iPhone 17 Pro Max

America’s 250th anniversary time capsule includes an iPhone 17 Pro Max

6 July 2026
Google executive ports Command & Conquer Generals: Zero Hour to iPhone and Mac using Claude

Google executive ports Command & Conquer Generals: Zero Hour to iPhone and Mac using Claude

5 July 2026
EV batteries are lasting much longer than the industry expected

EV batteries are lasting much longer than the industry expected

5 July 2026
AI’s energy tax was already concerning. Research says AI agents are over hundred times worse

AI’s energy tax was already concerning. Research says AI agents are over hundred times worse

5 July 2026
Garvee Makes Premium Home Cooling More Affordable This Summer

Garvee Makes Premium Home Cooling More Affordable This Summer

5 July 2026
Stay In Touch
  • Facebook
  • Twitter
  • Pinterest
  • Instagram
  • YouTube
  • Vimeo

Subscribe to Updates

Get the latest tech news and updates directly to your inbox.

Don't Miss
AI agent reportedly carried out an entire ransomware attack on its own

AI agent reportedly carried out an entire ransomware attack on its own

By technologistmag.com6 July 2026

Cybersecurity researchers say they have documented what could be the first ransomware attack carried out…

America’s 250th anniversary time capsule includes an iPhone 17 Pro Max

America’s 250th anniversary time capsule includes an iPhone 17 Pro Max

6 July 2026
Google executive ports Command & Conquer Generals: Zero Hour to iPhone and Mac using Claude

Google executive ports Command & Conquer Generals: Zero Hour to iPhone and Mac using Claude

5 July 2026
EV batteries are lasting much longer than the industry expected

EV batteries are lasting much longer than the industry expected

5 July 2026
AI’s energy tax was already concerning. Research says AI agents are over hundred times worse

AI’s energy tax was already concerning. Research says AI agents are over hundred times worse

5 July 2026
Technologist Mag
Facebook X (Twitter) Instagram Pinterest
  • Privacy
  • Terms
  • Advertise
  • Contact
© 2026 Technologist Mag. All Rights Reserved.

Type above and press Enter to search. Press Esc to cancel.