Sysdig clocks first documented case of agentic ransomware
ID: f1d11d3a-e672-5769-875c-5fa960ef689f
STIX ID: report--f1d11d3a-e672-5769-875c-5fa960ef689f
Feed Name: CyberScoop
Sysdig researchers documented what they describe as the first observed use of an 'agentic' AI in a ransomware operation: JadePuffer exploited CVE-2025-3248 in Langflow to reach a production MySQL/Alibaba Nacos server, used an AI agent (with access to multiple LLM keys) to perform reconnaissance, credential use, lateral movement and rapid automated payload redeployments (over 600 purposeful payloads and a 31-second failure-to-fix cycle), while a human operator provisioned infrastructure and selected the victim.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
