Security firm Sysdig describes an extortion attack where a language model broke in on its own, stole credentials, and destroyed databases. No human appeared to be at the controls.
Ransomware has always been a hands-on job. A person planned the attack, picked targets, and wrote or generated the scripts. According to a report from the threat research team at cloud security firm Sysdig, an AI agent has now taken over that entire role for the first time. The researchers named the attacker JADEPUFFER and call it an "agentic threat actor" whose attack capability comes from an AI model, not a person.
The initial entry came through a known vulnerability (CVE-2025-3248) in Langflow, a widely used tool for building AI applications. The flaw lets attackers run their own code on the server without a password. Langflow had already patched it in April 2025, meaning a fix had been available for over a year. Shortly after, the US Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its catalog of actively exploited vulnerabilities, effectively an official warning to update immediately.
In this case, the patch was never applied. The agent exploited the flaw and worked its way forward from that first server. It collected credentials, set up persistent access, and eventually hit a separate production server running a MySQL database, the actual target.










