BREAKING
🍽️ Fort Kochi restaurant changing Kerala cuisine · 🛍️ Lulu Mall biggest sale this weekend · 🎨 Kochi artist sells at international auction · 🚇 Metro Phase 3: 11 new stations announced · ☕ Specialty coffee scene arrives in Kochi · 🌙 Jew Town night market every Saturday from 7pm · 🏖️ Cherai Beach: the perfect Kochi day trip · 🎭 Kochi Street Food Festival returns in June · 🛒 Reliance Trends: 40% off ethnic wear this week · 🥟 Shifu's Momos, Panampilly Nagar — Kochi's cult momo spot🍽️ Fort Kochi restaurant changing Kerala cuisine · 🛍️ Lulu Mall biggest sale this weekend · 🎨 Kochi artist sells at international auction · 🚇 Metro Phase 3: 11 new stations announced · ☕ Specialty coffee scene arrives in Kochi · 🌙 Jew Town night market every Saturday from 7pm · 🏖️ Cherai Beach: the perfect Kochi day trip · 🎭 Kochi Street Food Festival returns in June · 🛒 Reliance Trends: 40% off ethnic wear this week · 🥟 Shifu's Momos, Panampilly Nagar — Kochi's cult momo spot
Business

The First Ransomware Attack Run by an AI Agent, Not a Human

Researchers at Sysdig say JADEPUFFER is the first ransomware operation run almost entirely by an autonomous AI agent, which broke in, stole credentials and extorted a database on its own.

Abhinav Kumar·8 July 2026·3 min read
The First Ransomware Attack Run by an AI Agent, Not a Human

Security researchers say they have pulled apart the first ransomware attack that ran almost entirely on its own, with an artificial-intelligence agent handling the break-in, the theft and the extortion while no human sat at the keyboard for the parts that mattered.

The attack, named JADEPUFFER by the threat-research team at cloud-security firm Sysdig, has set off alarms across the industry because of what it signals rather than the damage it did. Sysdig calls the operator an "agentic threat actor", a break from the usual model, where a person drives a toolkit. Here, the toolkit drove itself.

How it played out

According to Sysdig's write-up, the agent got its foot in the door through an internet-facing instance of Langflow, an open-source tool for building AI workflows, exploiting a known flaw tracked as CVE-2025-3248. That bug carries a near-maximum severity score and was patched last year, but the target had not applied the fix, the same tired story behind most breaches.

From there the AI did what a competent human intruder would do, only faster. It ran reconnaissance, harvested credentials, moved sideways through the network, dug in for persistence, escalated its privileges and finally reached for the production database. It encrypted 1,342 configuration items in a service-discovery tool called Nacos, then deleted the originals and left a ransom table behind.

What convinced researchers a machine was in charge was the running commentary. The decoded payloads are stuffed with plain-English notes explaining each move, weighing which database was the "largest," ranking targets by likely payout, narrating why a step was worth taking. Human attackers do not talk to themselves like that. Language models, left to generate their own code, do it by default.

Faster than a person, and cheaper

The speed is the part that unnerves defenders. In one sequence, Sysdig says, the agent hit a failed login, diagnosed the problem and produced a working fix in 31 seconds. It adapted to obstacles in real time and retried with adjusted parameters, the way a seasoned operator would after a cup of coffee and a few minutes of thought.

The strategic worry is arithmetic. For as long as ransomware has existed, the number of campaigns a crew could run was capped by how many people it could hire. Take the human out of the loop and that ceiling lifts. As Sysdig puts it, attacks can now scale bounded mainly by an attacker's budget, with little to stop a well-funded group from running thousands of intrusions at once.

None of the frontier AI labs powered the attack directly; the API keys found in the wreckage were stolen credentials, not the engine behind it. That distinction matters legally, but it is cold comfort operationally. The capability is loose.

Sysdig's advice is unglamorous and familiar: patch Langflow, keep it off the open internet, store secrets in a dedicated manager, harden Nacos and lock down database admin accounts. The tooling has changed. The hygiene that stops it has not.

Share
#AI Security
AK

Written By

Abhinav Kumar

Part of the Haila Kochi editorial team — covering the food, business, culture, and people that make Kochi what it is.

You Might Also Like

Alibaba Bans Claude Code as Its Feud With Anthropic Goes Public
Business

Alibaba Bans Claude Code as Its Feud With Anthropic Goes Public

Anthropic Brings Back Claude Fable 5 After a Government Shutoff
Business

Anthropic Brings Back Claude Fable 5 After a Government Shutoff