TL;DRSecurity firm Sysdig says it documented the first fully agentic ransomware attack, dubbed JadePuffer, in which an AI agent planned and executed an entire database-extortion operation with no human at the keyboard. The agent exploited a Langflow flaw, moved laterally, encrypted 1,342 config items, and diagnosed a failed login in 31 seconds, but never saved the decryption key, making recovery impossible.

Security firm Sysdig says it has documented the first ransomware attack run end to end by an AI agent, first reported by Business Insider. A large language model planned, executed, and adapted the entire operation, which Sysdig has named JadePuffer.

The agent chained together every stage of the attack, from reconnaissance and credential theft to lateral movement and data encryption. It did so with no human directing the keyboard, according to the company’s threat research team.

The intrusion began by exploiting a known Langflow remote-code-execution flaw to harvest cloud and AI-provider credentials. The agent then compromised a production database, encrypting 1,342 configuration items and leaving a ransom note.

The 💜 of EU techThe latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!The clearest sign of autonomy came when an admin login failed, and the agent diagnosed the problem and issued a working fix in 31 seconds. More than 600 payloads across the campaign carried plain-language comments explaining the agent’s own reasoning, per BleepingComputer.