The AI agent JadePuffer should be able to carry out the entire chain of attacks independently and even react to failures.
acceptphoto | shutterstock.com
It has long been known that artificial intelligence (AI) is changing cyber security. However, until now, AI-supported cyberattacks have required regular human input, for example to respond to failures.
Now security company Sysdig has documented the first ransomware attack that appears to have been carried out entirely by an LLM-based AI agent. The experts named the intruder, who independently carried out the entire chain of attacks – from the initial intrusion to the encryption of the victim’s data – JadePuffer.
CVE exploited in Langflow
According to Sysdig, the attack began with JadePuffer exploiting the CVE-2025-3248 vulnerability in the open source AI framework Langflow. The agent then moved to a production server running MySQL and Alibaba’s Nacos configuration platform, the actual target of the attack. According to the researchers, all payloads were injected as Base64-encoded Python code via Langflow’s remote code execution endpoint. According to the experts, the AI agent used an LLM to adapt its actions and execute more than 600 coordinated payloads.
