Another important milestone has been observed with the emergence of JadePuffer, believed to be the first documented ransomware operation where an AI agent autonomously executed nearly the entire attack lifecycle. Unlike traditional ransomware, where attackers manually perform reconnaissance, credential theft, lateral movement, and encryption, JadePuffer leveraged a Large Language Model (LLM) to make decisions, adapt to failures, and complete these stages with minimal human intervention.
What Happened
An AI-driven ransomware campaign targeting an exposed Langflow server through CVE-2025-3248, a known Remote Code Execution (RCE) vulnerability was observed.
After gaining access, the AI agent autonomously:
- Performed reconnaissance
- Harvested credentials and API keys
- Identified cloud secrets
- Moved laterally across systems
- Accessed production databases
- Compromised Alibaba Nacos
- Encrypted configuration data
- Deleted database tables
- Generated and deployed its own ransom note
Perhaps most concerning was its ability to adapt. During one stage, the AI encountered a failed login attempt, analyzed the failure, modified its approach, and successfully completed the compromise just 31 seconds later without operator input.
Why This Matters
The attack did not introduce groundbreaking exploitation techniques. Instead, it combined existing vulnerabilities, exposed services, poor credential management, and default configurations into one continuous, AI-orchestrated attack chain. This represents a fundamental change in attacker capability.
Indicator of Compromise

Recommendations
- Verify whether any Langflow deployments remain Internet accessible.
- Patch vulnerable AI applications immediately.
- Remove unnecessary code execution endpoints.
- Rotate exposed API keys and cloud credentials.
- Audit privileged database accounts.
- Eliminate default passwords and signing keys.
- Restrict administrative database access from public networks.



.jpeg)
.jpeg)
.jpeg)

.png)

.png)
.png)