AI agent exploits Langflow in first fully autonomous ransomware attack
Cloud security company Sysdig Inc. has documented what it says is the first ransomware operation carried out from start to finish by an autonomous artificial intelligence agent, a campaign it calls JadePuffer.
Sysdig’s Threat Research Team spelled out its findings in research published last week. A large language model ran the whole intrusion. It broke into an exposed server, harvested credentials, pushed deeper into the network and finally encrypted and wiped a company’s production database.
Ransomware has always kept a person in the loop, at the keyboard, or at least behind the script the malware runs. Cut that person out and the price of an attack drops to whatever it costs to rent an agent.
In the case researchers detail, JadePuffer forced its way in through CVE-2025-3248, a critical flaw in Langflow. Langflow is the open-source framework many teams lean on to build AI apps and agent workflows. The bug rates 9.8 for severity, near the top of the scale. A fix had shipped well before the attack and authorities added the flaw to their list of exploited bugs in May 2025. Scores of exposed instances were never updated anyway.










