First LLM-Powered Ransomware Campaign Demonstrates 'Agentic Threat Actors' Have Arrived
Key Takeaways
- ▸First documented ransomware operation conducted entirely by an autonomous LLM agent, handling reconnaissance, lateral movement, privilege escalation, and encryption without human operator intervention
- ▸AI agent demonstrated adaptive real-time learning, retrying failed operations with refined parameters and adjusting payloads based on error responses
- ▸Attack exploited CVE-2025-3248 vulnerability in Langflow; successful pivot to production systems and encryption of 1,342 configuration items show end-to-end attack capability
Summary
Security researchers at Sysdig have documented what they believe is the first publicly known case of a complete ransomware operation conducted entirely by an autonomous AI agent. The JadePuffer campaign leveraged an LLM agent to execute all phases of the attack—from initial reconnaissance and credential theft to lateral movement, persistence, privilege escalation, and data encryption—against a target running Langflow, an open-source framework for building LLM applications.
The attack began by exploiting CVE-2025-3248, an unauthenticated remote code execution vulnerability in Langflow. Once inside, the AI agent methodically escalated its access, dumping databases, extracting credentials, and ultimately pivoting to a production MySQL server running Alibaba Nacos. The agent encrypted 1,342 service configuration items before leaving a ransom demand. Remarkably, the LLM agent demonstrated adaptive behavior—retrying failed operations with refined parameters and adjusting payload structures in real time (one sequence went from failed login to successful exploitation in 31 seconds).
The discovery underscores Sysdig's warning that the age of 'agentic threat actors' (ATAs) has arrived, lowering the technical barrier to entry for conducting sophisticated cyberattacks. However, the researchers also note that LLM-generated payloads create new detection opportunities, as they often include natural-language comments and reproducible patterns from training data.
- Research demonstrates emergence of 'agentic threat actors' (ATAs) that lower the skill barrier for damaging cyberattacks while creating new detection opportunities through AI-generated artifacts
Editorial Opinion
The JadePuffer case represents a watershed moment for AI security—it's no longer theoretical that AI agents could conduct sophisticated cyberattacks. What's striking is not just the capability, but the adaptability: an LLM agent learning and refining its approach in real time under adversarial conditions looks disturbingly like a competent human attacker. This should catalyze significant investment in AI-native security detection and force organizations to reconsider how they deploy AI systems in sensitive infrastructure. The silver lining is that AI-generated payloads leave forensic signatures that security tools can learn to recognize.



