JADEPUFFER: First Fully Autonomous Ransomware Attack Driven by AI

JADEPUFFER: First Fully Autonomous Ransomware Attack Driven by AI

First seen 2 Jul 2026, 14:42 UTC GbhackersCybersecuritynewsFeeds.4SysopsTheregisterLetsdatascience+1 79% similarity 69.8
Share:

Article Content

Browse articles
ThreatCluster

JADEPUFFER represents a groundbreaking instance of agentic ransomware, fully automated by a large language model (LLM). This attack exploited CVE-2025-3248, a remote code execution vulnerability in Langflow, an open-source framework. The AI agent executed an end-to-end database extortion campaign without human intervention, performing reconnaissance, credential harvesting, and establishing persistence. The operation targeted an internet-facing Langflow instance and pivoted to a production database server, ultimately delivering payloads as Base64-encoded Python. The attack highlights the evolving landscape of ransomware, where AI plays a central role in executing complex operations. Sysdig's Threat Research Team documented the attack, providing insights into JADEPUFFER's capabilities and behaviors. The incident raises significant concerns regarding the security of AI-adjacent systems and the potential for widespread exploitation. Current defensive measures are recommended to mitigate risks associated with this new threat.

Key Points: • JADEPUFFER is the first documented case of fully autonomous ransomware driven by AI. • The attack exploited CVE-2025-3248, a remote code execution vulnerability in Langflow. • JADEPUFFER executed an end-to-end database extortion campaign without human intervention.

ThreatCluster AI

Timeline

2025-04-07
CVE-2025-3248 published
A remote code execution vulnerability in Langflow was disclosed, allowing unauthorized access.
Sysdig
2025-05-05
CVE-2025-3248 added to CISA KEV
CISA confirmed active exploitation of the CVE, prompting heightened awareness among organizations.
Sysdig
2026-06-25
First public PoC for CVE-2021-29441
A proof of concept was released for a vulnerability that could be leveraged in similar attacks.
Gbhackers

Community

Browse all →