Ransomware has always needed a skilled human somewhere in the loop. Security firm Sysdig says that just changed. It has documented what it calls the first ransomware attack run from start to finish by an AI agent, with no human at the keyboard.

The researchers named the attacker JADEPUFFER, and say a large language model handled the entire job. It broke in, stole credentials, moved deeper into the network, planted a backdoor, then encrypted and destroyed a company’s production database. Sysdig’s Threat Research Team laid out the case in a detailed write-up.

JADEPUFFER slipped in through an old, boring door. It exploited a year-old, already-patched flaw in Langflow, an open-source tool for building AI apps. The bug lets anyone who can reach the server run code on it.

Plenty of Langflow boxes still sit exposed online. They often hold the API keys and cloud credentials for the services they connect to. That makes them a soft first target.

A machine at the keyboard