JadePuffer ransomware used AI agent to automate entire attack

JadePuffer ransomware used AI agent to automate entire attack
Researchers say JadePuffer is the first documented ransomware operation carried out entirely by a large language model agent, which used autonomous reasoning to handle reconnaissance, credential theft, lateral movement, persistence, privilege escalation, and encryption. The attack began with CVE-2025-3248 in Langflow, later moved into Alibaba Nacos, and ended with encryption of 1,342 configuration items before the ransom note was planted. #JadePuffer #Langflow #CVE-2025-3248 #AlibabaNacos #CVE-2021-29441

Keypoints

  • JadePuffer is believed to be the first ransomware operation executed entirely by an LLM agent.
  • The AI agent adapted in real time when steps failed, similar to a human operator.
  • Initial access was gained through CVE-2025-3248 in Langflow.
  • The attacker pivoted from Langflow to a production Alibaba Nacos server using root credentials.
  • JadePuffer encrypted 1,342 Nacos configuration items and created an extortion table with payment details.

Read More: https://www.bleepingcomputer.com/news/security/jadepuffer-ransomware-used-ai-agent-to-automate-entire-attack/