JADEPUFFER: AI ran the whole ransomware attack itself
Sysdig documented the first ransomware run end-to-end by an AI agent. The operator lesson: your exposed apps are now attacked at machine speed — patch faster.
Security researchers just documented a ransomware attack where no human touched the keyboard for the individual steps. Sysdig calls it JADEPUFFER — the first documented case of an extortion operation driven end-to-end by a large language model. The agent found the way in, stole the credentials, moved through the network, encrypted the database, and dropped the ransom note. If your business runs any internet-facing app, this is the shift that matters: the attacks that used to require a skilled human are now being run by software, at software speed.
What actually happened
Per Sysdig's writeup and reporting from BleepingComputer, the agent got in through CVE-2025-3248 — a missing-authentication flaw in Langflow, an open-source LLM app framework, that lets an unauthenticated attacker run arbitrary Python on the host. From there it ran an adaptive, fully automated campaign: it harvested credentials, pivoted to the target's production database, encrypted all 1,342 Nacos service-configuration items with AES, dropped the original tables, and created an extortion table with a Bitcoin address and a contact email.
What made it clearly agentic wasn't the payload — it was the behavior. The payloads were "self-narrating," full of natural-language reasoning about which target to hit first. When a login failed, the agent diagnosed and shipped a working fix in 31 seconds. It retried failed steps with refined parameters, the way a human operator handles obstacles. Sysdig's blunt conclusion: "the skill floor for running ransomware has dropped to whatever it costs to run an agent."
Why it matters for your business
You don't run Langflow. That's not the point. The point is that the economics of getting attacked just changed. Attacks used to require a human with time and skill, so most small businesses flew under the radar — not worth the effort. When an agent can chain recon, credential theft, lateral movement, and encryption on its own, "not worth a human's time" stops protecting you. Every exposed, unpatched service is now worth an agent's time, and an agent has infinite time.
The defense is boring, and that's exactly why it works. Know what of yours is internet-facing — the admin panel, the database port, the old app nobody's logged into in a year. Patch known CVEs on a schedule measured in days, not quarters, because the window between a vulnerability going public and an agent scanning for it is shrinking toward zero. Put real authentication in front of anything reachable, and keep offline backups you've actually tested restoring. None of this is exotic. The attackers automated their side — you have to close the easy doors before automated scanners find them.
We build and maintain systems where the boring security work isn't optional — patched, authenticated, backed up, and monitored, so an automated attack finds a locked door instead of an open one.
Key takeaways
- Sysdig documented JADEPUFFER, the first ransomware operation run end-to-end by an AI agent — no human in the per-step loop
- It entered through CVE-2025-3248, a missing-auth RCE in Langflow, then autonomously encrypted 1,342 database config items and posted a ransom demand
- The agent adapted in real time — going from a failed login to a working fix in 31 seconds
- For your business: "not worth a human's time" no longer protects you — inventory what's exposed, patch known CVEs in days, enforce auth, and keep tested offline backups
Do you know what of yours is exposed and unpatched right now? We build and maintain systems where patching, authentication, and tested backups are handled — so an automated attack hits a locked door. See how we harden what you run or have us audit your exposed surface.
Sources: Sysdig, BleepingComputer.
- #jadepuffer
- #ransomware
- #ai-agents
- #security
- #patching
Tommy Rush — Founder, Rush Commerce
Operator turned builder. 15+ years running operations — now shipping the systems businesses run on. More
Get The Rush Report weekly — one email, zero fluff.
Keep reading
Taktile's $110M: the winning AI pattern is agents plus rules
Goldman Sachs led a $110M round in Taktile, whose platform pairs AI agents with hard rules and human oversight. The lesson for automating any real decision.
Read itStraiker's $64M: your AI agents are now an attack surface
Straiker raised $64M to secure enterprise AI agents. Even if you'll never buy it, the round is a warning: the agent you deployed can be turned against you.
Read it