Jakarta, INTI - Cybersecurity researchers from cloud security company Sysdig have documented what they describe as the world's first ransomware attack carried out by an AI agent, known as JadePuffer.
The attack has gained significant attention because, for the first time, an AI agent was able to execute the technical stages of a cyberattack from start to finish, from initial compromise to generating a ransom note, without human intervention during the hacking process.
The JadePuffer AI agent was capable of exploiting vulnerable servers, stealing credentials, moving laterally across the targeted network, encrypting files, and even generating its own ransom demands. It adapted to obstacles along the way in a manner similar to human attackers.
Sysdig described the operation as a ransomware campaign conducted "without human oversight", with "no human behind the keyboard" during the execution phase.
Human Involvement Remained at the Initial Stage
The JadePuffer operation represents a new milestone in automated cyber threats, although human involvement remained a critical factor behind the scenes.
Sysdig Senior Director of Threat Research Michael Clark clarified that the AI agent was not completely autonomous during the planning phase. Human operators were still involved in selecting the target and preparing the infrastructure before the automated attack process began.
"A human was still responsible for setting up and directing the operation, providing supporting infrastructure, command servers, stolen data servers, and most importantly, selecting the attack target," Clark explained.
The credentials or decryption keys required to unlock the ransomware-encrypted databases were also obtained through separate human-led compromises, rather than being independently acquired by the AI system.
Attack Methodology and Future Cybersecurity Challenges
During the attack, the JadePuffer ransomware agent exploited a known vulnerability in Langflow, an open-source tool for building large language model (LLM) applications. It then moved to a production MySQL server and exploited another known vulnerability to gain administrative access.
The AI agent encrypted more than 1,300 configuration records and generated its own ransom note, including a Bitcoin address for payment. Sysdig has not disclosed the identity of the targeted organization or entity.
While the techniques used were relatively conventional, researchers highlighted the speed and level of automation as the most notable aspects of the attack. JadePuffer reportedly fixed failed login attempts within 31 seconds while documenting its own reasoning through natural-language code comments throughout the process.
Discovery of OpenAI, Anthropic, DeepSeek, and Gemini APIs
Researchers also discovered API credentials belonging to OpenAI, Anthropic, DeepSeek, and Gemini among the stolen data, indicating that the AI-powered attack targeted valuable digital assets belonging to the victim.
Microsoft researcher Geoff McDonald noted in a LinkedIn post that the attack was likely conducted using an open-weight AI model with removed safety restrictions, rather than a leading commercial AI model with stronger security controls.
McDonald warned that ransomware attacks are becoming increasingly constrained by resources and automation capabilities rather than human effort alone. As AI-driven cyber threats continue to evolve, organizations must strengthen layered security measures to protect critical databases and digital infrastructure.
Conclusion
JadePuffer highlights a new era of cybersecurity threats, where AI agents can automate complex ransomware operations with minimal human involvement. While human actors remain behind the initial planning, the rise of agentic AI-driven attacks emphasizes the urgent need for stronger cybersecurity defenses and proactive protection of digital infrastructure.
Read more: Indonesia Pushes for Global Artificial Intelligence Regulations that Protect Children