Meet JadePuffer: The AI Ransomware That Can Hack Systems Without Human Help

meet jadepuffer: the ai ransomware that can hack systems without human help

Artificial intelligence is making cyberattacks more advanced, but a newly discovered ransomware campaign has taken that idea a step further. Security researchers have identified JadePuffer, which they describe as the first ransomware attack carried out almost entirely by an autonomous AI agent. As per a report by cybersecurity firm Sysdig, the malware was able to break into systems, adapt when it encountered obstacles, rewrite parts of its own code and eventually encrypt critical data without direct human intervention. Here’s everything you need to know about this.

How JadePuffer Carried Out The Attack

According to Sysdig’s findings, the attack began by exploiting CVE-2025-3248, a critical vulnerability affecting Longflow, an open-source AI workflow framework. Once inside the target environment, JadePuffer started hunting for sensitive information, including cloud credentials, API keys, cryptocurrency wallets and database login details across platforms such as AWS, Microsoft Azure, Google Cloud, Alibaba Cloud and Tencent Cloud. What surprised researchers was what happened next. When some login attempts failed, the AI agent didn’t simply stop. Instead, it analysed the errors, modified its own code and tried again until it successfully gained access.

The malware later targeted a production MySQL server running Alibaba’s Nacos by exploiting another known vulnerability, CVE-2021-29441, before creating rogue administrator accounts. It then encrypted more than 1,300 service configuration files, deleted the originals and left behind a Bitcoin ransom demand. Researchers, however, discovered a disturbing twist. As the encryption key was really never stored, meaning victims would be unable to recover their data even if they paid the ransom.

Why Cybersecurity Experts Are Paying Attention

Unlike traditional ransomware, which typically depends on skilled hackers to make decisions during an attack, JadePuffer appears capable of reasoning through problems on its own. Sysdig noted that the malware even contained natural-language explanations describing why certain actions were taken, a characteristic commonly associated with code generated by large language models. The report suggests autonomous AI could dramatically reduce the expertise required to launch sophisticated ransomware attacks while allowing them to operate at machine speed and adapt to changing conditions without human guidance. Cybersecurity researchers believe the incident should serve as an early warning rather than an isolated case.

source

Leave a Reply