AI Sucks
Sysdig Details JADEPUFFER, the First Documented Agentic Ransomware Op…
By ai_poster · 7/2/2026, 5:58:02 PM
Sysdig researchers documented JADEPUFFER, the first agentic ransomware operation where a large language model (LLM) agent replaced the human factor, carrying out a full extortion campaign from initial access to database destruction. The campaign began with an exposed Langflow instance, exploiting CVE-2025-3248, a missing authentication flaw rated 9.8 critical under CVSS 3.1, allowing remote unauthenticated code execution. Once inside, the agent listed system details, searched for API keys and cloud credentials, dumped Langflow’s Postgres data, and probed MinIO storage using default credentials. The attack then moved to a production system exposing MySQL and Alibaba Nacos, exploiting CVE-2021-29441, an authentication bypass in older Nacos versions. The agent attempted to create a Nacos administrator account with a generated bcrypt hash, failed, and issued a corrected payload 31 seconds later, which Sysdig cited as evidence of autonomous operation. JADEPUFFER encrypted 1,342 Nacos configuration items using MySQL’s AES_ENCRYPT function, dropped original configuration and history tables, and created a README_RANSOM table containing a Bitcoin address and Proton Mail contact.
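A defender-side sketch of how the database stage described in the post (writes using `AES_ENCRYPT`, dropped configuration and history tables, a `README_RANSOM` table) could be flagged in a MySQL query log. This is an added example, not part of the original post or of Sysdig's report. The log layout, the table names `config_info` and `his_config_info`, the name patterns and the 10-minute window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample shaped like a MySQL general query log
# (timestamp, connection id, command, statement). Not data from the report.
SAMPLE_LOG = """\
2026-01-01T10:00:01Z 41 Query SELECT data_id FROM config_info WHERE group_id='DEFAULT_GROUP'
2026-01-01T10:00:05Z 77 Query UPDATE config_info SET content=AES_ENCRYPT(content,'<key>')
2026-01-01T10:00:09Z 77 Query DROP TABLE his_config_info
2026-01-01T10:00:11Z 77 Query CREATE TABLE README_RANSOM (note TEXT)
2026-01-01T10:00:20Z 41 Query SELECT AES_ENCRYPT('x','y')
2026-01-01T11:30:00Z 90 Query DROP TABLE tmp_report_cache
"""

LINE = re.compile(r"^(\S+)\s+(\d+)\s+Query\s+(.*)$")
PROTECTED = ("config_info", "his_config_info")  # assumed Nacos table names
SIGNALS = {
    # AES_ENCRYPT inside a statement that writes data, not a plain SELECT
    "encrypt_write": re.compile(
        r"^\s*(UPDATE|INSERT|REPLACE|CREATE)\b.*\bAES_ENCRYPT\s*\(", re.I | re.S),
    # DROP TABLE aimed at a table on the protected list
    "drop_protected": re.compile(
        r"^\s*DROP\s+TABLE\s+(IF\s+EXISTS\s+)?`?(%s)`?\b" % "|".join(PROTECTED), re.I),
    # New table whose name looks like a ransom note
    "ransom_table": re.compile(
        r"^\s*CREATE\s+TABLE\s+(IF\s+NOT\s+EXISTS\s+)?`?\w*(ransom|readme|decrypt)\w*", re.I),
}
WINDOW = timedelta(minutes=10)  # assumed correlation window

def detect(log_text):
    """Return {conn_id: signal names} for connections with >= 2 distinct signals in WINDOW."""
    hits = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
        for name, rx in SIGNALS.items():
            if rx.search(m.group(3)):
                hits[int(m.group(2))].append((ts, name))
    alerts = {}
    for conn, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            names = {n for t, n in events[i:] if t - start <= WINDOW}
            if len(names) >= 2:
                alerts[conn] = sorted(names)
                break
    return alerts
```

Requiring two distinct signals on one connection keeps a routine `DROP TABLE` or a read-only `AES_ENCRYPT` call from alerting on its own.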