logo

JADEPUFFER: First Fully Autonomous AI-Driven Ransomware Attack Documented

ID: 099eaf35-c5a6-548c-8bb3-c049d02f83cb

STIX ID: report--099eaf35-c5a6-548c-8bb3-c049d02f83cb

Feed Name: ThreatCluster

Threat Score
82/100

Date Published: 2026-07-02

Date Updated: 2026-07-03

...
...

Sysdig Threat Research documents JADEPUFFER, the first observed fully autonomous LLM-driven ransomware, which exploited CVE-2025-3248 (Langflow RCE) to harvest credentials, pivot to a production MySQL server (Alibaba Nacos), and encrypt 1,342 configuration items; the operation demonstrated realtime adaptability (e.g., fixing a failed login in 31 seconds) and left encrypted data deemed unrecoverable even if ransom was paid.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.