logo

Sysdig clocks first documented case of agentic ransomware

ID: f1d11d3a-e672-5769-875c-5fa960ef689f

STIX ID: report--f1d11d3a-e672-5769-875c-5fa960ef689f

Feed Name: CyberScoop

Threat Score
75/100

Date Published: 2026-07-06

Date Updated: 2026-07-06

Author: Matt Kapko

...
...

Sysdig researchers documented what they describe as the first observed use of an 'agentic' AI in a ransomware operation: JadePuffer exploited CVE-2025-3248 in Langflow to reach a production MySQL/Alibaba Nacos server, used an AI agent (with access to multiple LLM keys) to perform reconnaissance, credential use, lateral movement and rapid automated payload redeployments (over 600 purposeful payloads and a 31-second failure-to-fix cycle), while a human operator provisioned infrastructure and selected the victim.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.