Why this fully agentic ransomware attack is giving researchers nightmares


ai-attack4gettyimages-1980357946

Just_Super/ E+ via Getty Images

Follow ZDNET: Add us as a preferred source on Google.


ZDNET’s key takeaways

  • Researchers have documented a ransomware campaign that appears to be entirely AI-driven.
  • JadePuffer could be the first known case of an AI agent orchestrating a full attack chain.
  • The case underscores the urgency with which organizations must defend themselves. 

Security researchers have identified JadePuffer, a ransomware campaign that they’re calling the “first documented case of agentic ransomware.” The entire operation is driven end-to-end by AI.  

Also: 5 ways to fortify your network against the new speed of AI attacks

What is JadePuffer and how does it work?

According to the cloud security firm Sysdig, JadePuffer uses a large language model (LLM) to handle the campaign without human intervention. 

The JadePuffer operator — or cybercriminal group — exploited CVE-2025-3248, an unauthenticated remote code execution (RCE) vulnerability in Langflow, an open source builder for agentic AI applications. 

JadePuffer’s LLM abused the Langflow bug to gain initial access to its target system, performing reconnaissance and scanning the environment to steal credentials, including LLM-related API keys, cloud service credentials, cryptocurrency wallet information, and seed phrases, as well as database credentials and configuration files. 

Also: Is your AI agent a security risk? NanoClaw wants to put it in a virtual cage

After establishing persistence in the Langflow environment, the threat actor pivoted to its true target, a production server running an Alibaba Nacos configuration service. Ransomware was then deployed, and files on the server were encrypted before a ransom note demanding payment in Bitcoin was displayed to the victim. 

AI’s influence

This playbook has been seen countless times in ransomware campaigns, but what makes it different is its use of an LLM that can adapt and adjust its tactics based on the defenses it encounters:

  • Self-narrating code: The LLM annotated each payload and step, which explained each task in the attack chain and why the AI made each decision. 
  • Failures and fixes: In one step, the LLM failed to access the target system. Within 31 seconds, a fix was calculated, and a new corrective payload was developed and deployed.

Why does JadePuffer matter?

It appears that JadePuffer may be one of the earliest examples of a ransomware campaign deployed and managed by an LLM. 

Noelle Murata, chief operating officer of Xcape Inc., says that the JadePuffer case “marks a foundational shift in adversarial capabilities,” highlighting how AI can be used to pivot cyberattackers from scripted — and rigid — techniques to “autonomous, machine-speed execution.”

Also: 5 security tactics your business can’t get wrong in the age of AI – and why they’re critical

This case is likely going to give security defenders some sleepless nights. The problem is that AI and LLMs are often faster than humans at performing computing tasks, and while AI errors and hallucinations could impact the success of an LLM-controlled malicious campaign, AI can rapidly adapt — and the time defenders have to respond shrinks. 

“By leveraging a large language model to independently navigate the entire cyber kill chain, diagnose its own execution errors, and rewrite payloads in seconds, this operation renders conventional, human-dependent incident response models completely obsolete,” Murata said. “While the agent relied entirely on unpatched legacy vulnerabilities and public tools to gain initial access, its ability to execute an end-to-end campaign without human intervention severely compresses the detection and containment window for defenders.”

How can businesses respond?

How organizations can respond effectively to the next evolution of AI-driven cybercrime remains to be seen. However, it could be that human, manual triage and incident response won’t be enough in a few short years. 

Also: Want a private ChatGPT alternative? How Proton’s Lumo 2.0 locks down your data, EU style

Security experts recommend behavior-based detection models to combat not only AI but also insider threats, and it’s likely that future defenders will need to deploy their own AI solutions to defend their networks. Automated monitoring systems, advanced identity management, and endpoint protection, alongside layered, proactive security measures, could make the difference.





Source link

Leave a Reply

Subscribe to Our Newsletter

Get our latest articles delivered straight to your inbox. No spam, we promise.

Recent Reviews







Today, when one pictures a “classic Dodge Charger”, the first image that pops up is almost certainly one of the highly desirable Charger models from the late 1960s or early ’70s. Indeed, those early muscle car Chargers are iconic, playing a starring role in the “Dukes of Hazzard” television show and, somewhat more recently, “The Fast and the Furious” films. But as time ticks on, is it time to start appreciating the modern version of the Charger as a potential modern classic?

It’s now been over 20 years since Dodge brought back the Charger nameplate for a spacious four-door sedan with an optional HEMI V8 engine. While the basic Charger R/T was a potent machine for its time, Dodge really took the Charger’s game to the next level for the 2006 model year with the debut of the Charger SRT8. 

The SRT8 model used a larger version of the third-gen HEMI V8 that, combined with other performance upgrades, transformed the sedan into a serious performance car capable of running with its 1960s HEMI ancestors at the drag strip — to say nothing of its vastly superior handling and refinement. In the years that followed, Dodge would continue to improve the Charger’s performance with larger and more powerful HEMI engines, but the significance of the original Charger SRT8 is not to be overlooked.

A muscle car legend reborn for the 2000s

Today, with the modern Charger being such an established part of the car enthusiast world, it’s easy to forget some of the controversy that surrounded its mid-2000s return. Most of it focused on the fact that the beloved muscle car nameplate had been brought back for a four-door sedan rather than a retro-styled coupe. Fortunately, those people looking for that retro coupe would be satisfied by the reborn Dodge Challenger when it arrived a few years later, while the Charger went on to become a highly popular muscle sedan in its own right.

The addition of the SRT8 model to the lineup certainly helped, of course. Under the hood was the larger 6.1-liter HEMI V8, which differed from the standard 5.7-liter HEMI in several ways, not least the displacement. With the 6.1 under the hood, the SRT8 made 425 hp and 420 lb-ft of torque, easily laying down a mid-13-second quarter-mile time in Motor Trend’s hands. This was very quick by mid-2000s standards, especially considering the now-outdated five-speed automatic transmission.

But the SRT8’s performance went beyond just the drag strip. As part of the SRT transformation, Dodge also gave the car larger wheels and tires, a retuned suspension setup, and large Brembo brakes. While this didn’t necessarily make the car an agile road course weapon, it did give the SRT8 an athleticism that belied the Charger’s weight and size. 

The evolution of modern Dodge muscle

What’s even cooler about this era in Chrysler/Dodge performance history is that the Charger was just one of the four-door LX platform cars that the automaker offered with SRT badges and a powerful HEMI engine under the hood. Apart from the Charger, buyers could also choose from the more upscale, but ultimately short-lived SRT version of the Chrysler 300C sedan or the Dodge Magnum SRT8 station wagon.

The original Charger SRT8 marked the beginning of a long run of increasingly powerful, high-performance models. In the early 2010s, the Charger SRT8’s 6.1 HEMI was replaced by the larger and more powerful 6.4/392 HEMI, with that motor eventually becoming available in the less expensive Charger R/T Scat Pack. Then, of course, came the Charger SRT Hellcat, with a 707-hp, supercharged 6.2-liter that turned the car into a genuine super sedan.

So is the original Charger SRT8 a guaranteed future classic? Classified listings show that clean examples still bring decent money today, but the fact that it was followed by improved models may ultimately limit its potential for becoming a true, mega-desirable collector car. Regardless, though, the Charger SRT8’s accomplishments in modern muscle car history are not to be taken lightly.





Source link