Daily Guardian UAEDaily Guardian UAE
  • Home
  • UAE
  • What’s On
  • Business
  • World
  • Entertainment
  • Lifestyle
  • Sports
  • Technology
  • Travel
  • Web Stories
  • More
    • Editor’s Picks
    • Press Release
What's On

AI’s energy tax was already concerning. Research says AI agents are over hundred times worse

July 6, 2026

AI agent reportedly carried out an entire ransomware attack on its own

July 6, 2026

The Washington Post predicted how tech will advance 50 years ago and the success rate is humbling

July 6, 2026

Apple’s foldable iPhone may arrive this fall, but good luck getting your hands on one

July 6, 2026

I spend hours on YouTube Shorts, and these are the features I now can’t live without

July 6, 2026
Facebook X (Twitter) Instagram
Finance Pro
Facebook X (Twitter) Instagram
Daily Guardian UAE
Subscribe
  • Home
  • UAE
  • What’s On
  • Business
  • World
  • Entertainment
  • Lifestyle
  • Sports
  • Technology
  • Travel
  • Web Stories
  • More
    • Editor’s Picks
    • Press Release
Daily Guardian UAEDaily Guardian UAE
Home » AI agent reportedly carried out an entire ransomware attack on its own
Technology

AI agent reportedly carried out an entire ransomware attack on its own

By dailyguardian.aeJuly 6, 20263 Mins Read
Share
Facebook Twitter LinkedIn Pinterest Email

Cybersecurity researchers say they have documented what could be the first ransomware attack carried out almost entirely by an autonomous AI agent, marking a significant shift in how cyberattacks could be conducted in the future. According to cloud security firm Sysdig, they have uncovered a ransomware operation dubbed JadePuffer that appears to have relied on a large language model (LLM) agent to perform nearly every stage of the attack without continuous human intervention.

If confirmed, the incident suggests AI is moving beyond writing malicious code and into actively planning, adapting, and executing cyberattacks in real time.

JadePuffer adapted to obstacles much like a human hacker

According to Sysdig’s findings, JadePuffer began by exploiting CVE-2025-3248, a remote code execution vulnerability in Langflow, an open-source framework used to build LLM-powered applications. The flaw, patched in April 2025, was later added to the US Cybersecurity and Infrastructure Security Agency’s (CISA) list of vulnerabilities known to be exploited in the wild.

Once inside the system, the AI agent reportedly carried out a full attack chain that security researchers typically associate with experienced human operators. It collected host information, searched for credentials and sensitive files, extracted cloud secrets, and mapped storage resources before moving laterally through the victim’s infrastructure.

What stood out wasn’t simply the automation – it was the adaptability.

According to the Sysdig report, the researchers observed the AI agent responding dynamically when certain commands failed. In one instance, the malware encountered an unexpected XML response while querying a MinIO object store. Instead of failing, the agent modified its parsing logic and retried using a different approach. Researchers also documented a failed login attempt that was automatically corrected within 31 seconds, without requiring human input.

The AI later established persistence by creating scheduled cron jobs before pivoting to a production server running Alibaba Nacos, where it exploited CVE-2021-29441 to create rogue administrator accounts. It eventually encrypted 1,342 Nacos configuration records, deleted the original data, and replaced it with a ransom note demanding payment in Bitcoin.

Interestingly, researchers found several signs suggesting the operation was AI-generated. The malicious code contained unusually detailed natural-language comments explaining its own reasoning, while the ransom note referenced a Bitcoin wallet commonly used as an example in documentation rather than a genuine payment address. Sysdig also believes the malware likely used AES-128 in ECB mode, despite claiming AES-256 encryption.

ransomware

The findings arrive as cybersecurity experts increasingly warn about the emergence of agentic AI, where AI systems can independently plan and execute complex tasks rather than simply responding to prompts. While JadePuffer still exploited known vulnerabilities rather than inventing new attack methods, the ability to autonomously perform reconnaissance, privilege escalation, persistence, and ransomware deployment represents a notable escalation in offensive AI capabilities.

Sysdig says the incident demonstrates that “agentic threat actors” have effectively arrived, potentially lowering the technical expertise required to launch sophisticated cyberattacks. At the same time, researchers note that AI-generated attacks may also leave distinct behavioural patterns and coding characteristics that defenders can use to build new detection techniques.

For organizations, the report serves as another reminder that patching internet-facing systems and securing cloud credentials remain essential – even as the attackers themselves begin to change.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Keep Reading

AI’s energy tax was already concerning. Research says AI agents are over hundred times worse

The Washington Post predicted how tech will advance 50 years ago and the success rate is humbling

Apple’s foldable iPhone may arrive this fall, but good luck getting your hands on one

I spend hours on YouTube Shorts, and these are the features I now can’t live without

The iPhone 18 Pro Max battery upgrade now looks all but confirmed

Australian government warns doctors over AI scribing tools as privacy and safety concerns grow

3 Siri AI features that have genuinely improved my day-to-day life

Merlin bird ID app is now eyeing a global database of our vanishing feathery friends

This compact mechanical keyboard looks like a love letter to the Game Boy Advance

Editors Picks

AI agent reportedly carried out an entire ransomware attack on its own

July 6, 2026

The Washington Post predicted how tech will advance 50 years ago and the success rate is humbling

July 6, 2026

Apple’s foldable iPhone may arrive this fall, but good luck getting your hands on one

July 6, 2026

I spend hours on YouTube Shorts, and these are the features I now can’t live without

July 6, 2026

Subscribe to News

Get the latest UAE news and updates directly to your inbox.

Latest Posts

The iPhone 18 Pro Max battery upgrade now looks all but confirmed

July 5, 2026

Australian government warns doctors over AI scribing tools as privacy and safety concerns grow

July 5, 2026

3 Siri AI features that have genuinely improved my day-to-day life

July 5, 2026
Facebook X (Twitter) Pinterest TikTok Instagram
© 2026 Daily Guardian UAE. All Rights Reserved.
  • Privacy Policy
  • Terms
  • Advertise
  • Contact

Type above and press Enter to search. Press Esc to cancel.