Researchers say JadePuffer is the first documented ransomware operation carried out entirely by a large language model agent, which used autonomous reasoning to handle reconnaissance, credential theft, lateral movement, persistence, privilege escalation, and encryption. The attack began with CVE-2025-3248 in Langflow, later moved into Alibaba Nacos, and ended with encryption of 1,342 configuration items before the ransom note was planted. #JadePuffer #Langflow #CVE-2025-3248 #AlibabaNacos #CVE-2021-29441
Keypoints
- JadePuffer is believed to be the first ransomware operation executed entirely by an LLM agent.
- The AI agent adapted in real time when steps failed, similar to a human operator.
- Initial access was gained through CVE-2025-3248 in Langflow.
- The attacker pivoted from Langflow to a production Alibaba Nacos server using root credentials.
- JadePuffer encrypted 1,342 Nacos configuration items and created an extortion table with payment details.