First 'agentic ransomware' run entirely by a large language model discovered

JadePuffer, the first known 'agentic ransomware', uses an AI agent to run attacks end-to-end and adapt in real time, researchers warn.

First 'agentic ransomware' run entirely by a large language model discovered
Facebook IconX IconReddit Icon
Tech and Science Editor
Published
1 minute & 15 seconds read time
TL;DR: Researchers identified JadePuffer, the first ransomware fully operated by an AI agent using a large language model, which autonomously conducted attacks, exploited a zero-day vulnerability, and adapted in real time. This marks a new era of adaptive, automated cyber extortion requiring evolved cybersecurity defenses.
Voice: Jak Connor
0:00 / 2:12
Use left and right arrow keys to seek audio.

Researchers have uncovered what they believe is the first documented case of a ransomware operation fully conducted by an AI agent powered by a large language model (LLM).

First 'agentic ransomware' run entirely by a large language model discovered 1

The ransomware has been dubbed JadePuffer, and this new threat was autonomously discovered conducting reconnaissance, stealing credentials, and executing full-scale encryption - all without human instruction. JadePuffer exploited a zero-day vulnerability in Langflow, an open-source tool commonly used to build apps that run workflows around large language models. The exploit allowed the agentic ransomware to gain access.

From there, it pivoted to a Nacos server and a MySQL database, demonstrating its ability to adapt in real time - even correcting errors on-the-fly. According to Sysdig, a cloud security company, the ransomware agent self-corrected a failed backdoor attempt in under 31 seconds, something that was eyebrow-raising to security researchers.

Unlike traditional ransomware, which follows a rigid sequence, this malware acted like a human operator, making autonomous decisions and adapting to new obstacles in real time. This marks a shift in how ransomware is deployed, executed, and monitored by those looking to defend against it. Essentially, JadePuffer indicates that the door to fully automated cyber extortion is now open.

As AI tools become more accessible, the cybersecurity landscape is evolving at an unprecedented pace. With ransomware operations seemingly now capable of autonomous execution, defenders will need to rethink traditional detection and response strategies.

Frequently Asked Questions

TweakBot answers common questions about this news using TweakTown's own coverage from this page and related content from our archive. Tap a question to reveal the answer, or type your own below.

Question #1

How did JadePuffer exploit Langflow, and which versions are vulnerable?

Click to reveal answer
Question #2

Can JadePuffer move laterally to services like Nacos and MySQL in cloud environments, and what configurations make that easier?

Click to reveal answer
Question #3

How did the agent self-correct its failed backdoor attempt, and what logging would reveal that behavior?

Click to reveal answer
Question #4

What defensive architecture or automated response changes do researchers recommend to counter adaptive, LLM-driven ransomware?

Click to reveal answer

Have a question not listed here? Ask below and TweakBot will answer it.

The future of malware is no longer just sophisticated; it's adaptive, and for cybersecurity to defend against it, prevention strategies will need to be autonomous and adaptive as well.

Photo of the PlayStation 5 Disc Edition Console

Best Deals: PlayStation 5 Disc Edition Console

Prices last scanned 1 hour and 27 minutes ago

* Prices may be inaccurate. As an Amazon Associate, we earn from qualifying purchases. We earn affiliate commission from any Newegg or PCCG sales.

Tech and Science Editor

Email IconX IconLinkedIn Icon

Jak joined TweakTown in 2017 and has since reviewed 100s of new tech products and kept us informed daily on the latest science, space, and artificial intelligence news. Jak's love for science, space, and technology, and, more specifically, PC gaming, began at 10 years old. It was the day his dad showed him how to play Age of Empires on an old Compaq PC. Ever since that day, Jak fell in love with games and the progression of the technology industry in all its forms.

Stay Updated

Follow TweakTown for breaking tech news, reviews, and daily updates.

Add TweakTown as a preferred source on GoogleFind TweakTown on Apple News
Newsletter Subscription