Security11:13 · 2h ago

AI Agent Executes First Fully Autonomous Ransomware Cyberattack Globally

YnetCenter
Translated & summarized from Ynet by baba
The story · English

Security researchers have identified the first documented case of a ransomware attack entirely planned, managed, and executed by an autonomous AI agent. The attacker group, known as JadePuffer, utilized a large language model (LLM) to conduct all stages of the attack, from initial reconnaissance and credential theft to lateral network movement, data encryption, and ransom demand. The initial breach exploited a known vulnerability (CVE-2025-3248) in Langflow, an open-source AI application development framework. After infiltration, the AI agent scanned databases, extracted passwords and encryption keys, and moved laterally to production servers running Alibaba Nacos services. It encrypted 1,342 configuration items, deleted originals, and left a Bitcoin ransom note.

According to a report by cloud security firm Sysdig, the most alarming aspect was the AI agent's real-time adaptability, which allowed it to detect and fix operational errors rapidly, such as resolving a login failure within 31 seconds. Despite the sophistication, researchers noted the technology is still in early stages, as the ransom note contained a public Bitcoin wallet address commonly used in training materials, indicating the AI copied data without understanding financial context. The AI-generated code also included detailed natural language comments explaining its logic, a hallmark of language models.

This development marks a significant leap from previous cyber threats, which were mostly static or semi-automated malware. Prior AI-based tools like WormGPT and FraudGPT mainly assisted human operators by generating phishing content or isolated code snippets. Fully autonomous AI agents now enable complex attacks without requiring advanced human technical skills and operate at machine speed, compressing attack timelines drastically.

Yuval Sinai, head of active defense at Israel's National Cyber Directorate, emphasized that JadePuffer did not use revolutionary techniques but combined known vulnerabilities, misconfigurations, and unpatched systems with autonomous decision-making and real-time adaptation. This shift demands a paradigm change in defense strategies, moving from signature-based detection to behavior-based protection, continuous identity and permission monitoring, AI environment hardening, attack surface reduction, and accelerated patch management.

For organizations relying on air-gapped networks, this is a warning sign. While physical isolation remains important, autonomous AI attackers could operate independently inside isolated networks after an initial breach via supply chain, removable media, or insider threats. The era of Agentic Threat Actors (ATA) is no longer hypothetical but an emerging reality requiring urgent attention.

Read the original at Ynet
Open the live terminal