logo

JadePuffer Ransomware Used AI Agent to Automate Entire Attack

ID: 77a6548d-8619-531b-a640-bca104575d17

STIX ID: report--77a6548d-8619-531b-a640-bca104575d17

Feed Name: Security Boulevard

Threat Score
75/100

Date Published: 2026-07-05

Date Updated: 2026-07-05

Author: John Kevin Hao

...
...

## Executive summary: Researchers reported JadePuffer, a ransomware operation automated end-to-end by an autonomous LLM agent that exploited CVE-2025-3248 in Langflow to dump databases, harvest credentials, pivot to a production Nacos/MySQL environment, establish persistence, and encrypt 1,342 service configuration items; defenders are advised to patch Langflow, restrict internet exposure of AI development tools, harden secrets/config stores, and hunt for agentic attack behaviors.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.