Typically, when hackers attempt to break into a system, they have to retrace steps and make incremental changes time and again. A new campaign called JadePuffer, run entirely by AI, instead works autonomously, finding unexplored avenues on its own to continuously deploy brute-force tactics. It could increase the spread of the incursion exponentially.
A recent report from cloud security firm Sysdig details the capabilities of JadePuffer, which it says is the first ransomware campaign run completely by a large language model (LLM). And it could mark the beginning of a new era in online crime.
The agent “adapted in real time, retrying failed steps within refined parameters,” wrote Michael Clark, Sysdig’s senior director of threat research, in a memo. “In one sequence, it went from a failed login to a working fix in 31 seconds.”
The observed attack involved a vulnerability in the Langflow open-source framework, which is used to build LLM applications. (The vulnerability has since been patched.) Once it exploited that vulnerability, it ran “an adaptive and fully automated campaign” that resulted in “a destructive database-extortion playbook against the victim’s production database server,” Sysdig’s report reads.
For potential targets, that raises the stakes. As these threats become more common, businesses (and people) who are targeted will need to respond a lot faster to attacks, Sysdig emphasized in its report. “JadePuffer is a warning sign,” Clark wrote. “It’s a marker of where extortion tradecraft is heading. An autonomous agent reasoned about its targets, harvested and reused credentials, moved laterally, established persistence, and destroyed a database, narrating its own intent the entire way.”
The techniques the campaign used were neither novel nor sophisticated. What made this worrisome was the way the AI model brought them all together, on its own, to create the ransomware operation.
That lowers the cost of operating a hacking group to the cost of running an agent—and makes it easier for would-be hackers who aren’t as skilled at programming to launch attacks. Possibly even worse is the scenario in which hackers steal credentials to run an agent, taking their costs to virtually nothing.
And now that one LLM-driven ransomware agent has been spotted in the wild, expect others, the security firm warned.
“Defenders should expect the volume and breadth of such campaigns to rise as agentic tooling matures, and they should treat exposed application servers, unhardened configuration stores, and internet-facing database admin accounts as the first surfaces that will be attacked,” Sysdic wrote.
While any ransomware attack can be catastrophic for the victim, JadePuffer also introduced a new, nihilistic threat. Generally, if a business is attacked and pays the ransom, it’s once again able to access its data. But with JadePuffer, the company is out of luck, whether it pays the ransom or not. “The AES [Advanced Encryption Standard] key was ephemeral and unrecoverable, so the victim’s configurations are unrecoverable, even with payment,” Sysdig wrote.
This new milestone comes as ransomware continues to be a preferred method of hackers. Cybercriminals pocketed more than $32 million from ransomware attacks last year—and the totals get significantly higher when you factor in business disruptions, equipment, and third-party remediation costs. (They climb even more when you consider that the majority of ransomware attacks go unreported.)
The number of reported ransomware attacks hit a record 9,251 cases in 2025, a 45% increase from 2024, according to data collected by the threat exposure management platform NordStellar.
AI firms have warned these sorts of attacks could be coming. Last August, hackers discovered an exploit in Anthropic’s Claude chatbot that allowed them to “commit large-scale theft and extortion of personal data” at 17 (and perhaps more) organizations in the healthcare, emergency services, government, and religion industries.
“This represents an evolution in AI-assisted cybercrime,” Anthropic said in a statement at the time. “AI tools are now being used to provide both technical advice and active operational support for attacks that would otherwise have required a team of operators. … We expect attacks like this to become more common as AI-assisted coding reduces the technical expertise required for cybercrime.”