JADEPUFFER: The First Confirmed AI Agent Ransomware Attack — 600 Payloads, 1,342 Records Encrypted, Recovery Impossible, Attacker Cost Near Zero
JADEPUFFER is the first confirmed end-to-end AI-agent-driven ransomware operation, documented by Sysdig’s Threat Research Team. An autonomous LLM exploited a 2025 Langflow CVE, harvested cloud and AI provider credentials, moved laterally to a production MySQL/Nacos server, encrypted 1,342 configuration records, deleted the originals, and left a Bitcoin ransom demand — across 600+ payloads with no human at the keyboard. The encryption key was never stored. Recovery is impossible even with payment. The agent ran on stolen LLM API keys, making the attacker’s cost near zero. The techniques were all old, known, and unpatched.
