US Sysdig Reveals AI Ransomware Automates Attacks
2026-07-07 15:31
Favorite

en.Wedoany.com Reported - Security firm Sysdig recently disclosed a ransomware attack case fully driven by an AI agent, where attackers used the technology to launch automated attacks against devices exposed to critical vulnerabilities. The ransomware used in this attack, named "JADEPUFFER," infiltrated database servers through the vulnerability CVE-2025-3248 discovered last year in the open-source framework Langflow.

JADEPUFFER targets devices exposed to the CVE-2025-3248 vulnerability. This vulnerability allows attackers to execute code remotely, posing higher risks because Langflow servers are typically connected to the internet and hold API keys or cloud credentials needed for developing AI applications. Langflow is an open-source framework for developing large language model applications, providing a convenient environment for less experienced users to create applications.

After the vulnerability was disclosed, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added it to the "Known Exploited Vulnerabilities" list and urged patching. Despite this, cases exploiting the vulnerability continue to emerge, with it being used to distribute botnet malware in July last year. In this JADEPUFFER attack, after successful intrusion, it identifies the system structure, collects API keys for various AI services and cloud credentials for Amazon Web Services (AWS) and Azure, then shifts its attack to MySQL databases and Alibaba Cloud's cloud-native platform "Nacos." After gaining administrator privileges to log into the database, attackers encrypt all configuration values and leave a ransom note.

Sysdig found evidence during its investigation that JADEPUFFER was operated by AI. The attack process included a large number of natural language comments explaining the reason for each operation. Sysdig noted that humans would not add detailed explanations for one-time code, but LLMs do so during code generation. Additionally, the speed of code modification was noteworthy: even when errors occurred, it took only 31 seconds to modify the code and successfully connect, with 15 lines of related code, and a similar pattern repeated throughout the session. Sysdig emphasized that it takes humans more than 31 seconds to read error messages, analyze causes, and make modifications.

This attack demonstrates that ransomware is no longer limited to skilled technicians. In the past, attackers had to personally complete the entire process of creating ransomware, exploiting vulnerabilities, and extorting victims. Although Ransomware-as-a-Service (RaaS) organizations lowered the entry barrier through the dark web, human intervention still existed. JADEPUFFER successfully automated the attack process using an AI agent, and Sysdig expects similar attacks to follow.

Sysdig recommends updating Langflow to a version that fixes CVE-2025-3248 and avoiding exposing code execution endpoints to the internet to prevent such attacks. It also advises against running AI control servers with API keys or cloud credentials.

Such AI-based ransomware is still in its early stages. While some similar cases have been confirmed, they have not yet reached the automation level of JADEPUFFER. AI is more actively used in the early stages of attacks, such as phishing emails or vulnerability scanning. Kim Jun-young, head of the Everyzone team, stated that some research has confirmed cases of AI automated attacks, but they are not prominent, while AI is more significantly used in initial intrusion tasks like crafting sophisticated phishing emails or stealing credentials. He added that user vigilance is paramount, but completely blocking attacks is difficult, and the focus should be on rapid recovery, building a multi-layered defense system from anti-ransomware to data backup to counter ransomware.

 

This bulletin is compiled and reposted from information of global Internet and strategic partners, aiming to provide communication for readers. If there is any infringement or other issues, please inform us in time. We will make modifications or deletions accordingly. Unauthorized reproduction of this article is strictly prohibited. Email: news@wedoany.com