f in x
First AI-run ransomware still needed a human: the truth behind JadePuffer
> cd .. / HUB_EDITORIALE
News

First AI-run ransomware still needed a human: the truth behind JadePuffer

[2026-07-07] Author: Ing. Calogero Bono
Zenithby Meteora Web The operating system for your business. Social, clients, bookings and invoices in one platform. Gyms, barbers, professionals. Discover Zenith Free demo · no card

Last week, researchers at cloud security firm Sysdig announced they had documented the first known case of 'agentic ransomware' an attack dubbed JadePuffer in which an AI agent handled the technical execution of a real-world extortion operation from start to finish. The agent breached a vulnerable server, stole credentials, moved laterally through the target's network, encrypted files, and even wrote its own ransom note, adapting to obstacles like a human hacker. Initial coverage described it as running 'without any human oversight' with 'no human at the keyboard.' But that's not the full picture.

The human behind the AI agent

In an interview on Monday with CyberScoop, Sysdig's Michael Clark, senior director of threat research, clarified that a human was still heavily involved though not in the technical execution. 'A human still set up and pointed the operation, provisioned the infrastructure behind it, the command-and-control server, the staging server for stolen data, and chose a victim,' Clark said. The credentials used to break into the victim's database were not harvested by the AI agent itself they were obtained separately through a prior compromise and handed to the operation. This does not contradict Sysdig's original claim but tempers the hype of a fully autonomous AI.

Sponsored Protocol

Technical details of the intrusion

The agent gained initial access through a known bug in Langflow, a popular open-source tool for building LLM applications, then moved to a production MySQL server and exploited another known flaw to gain admin access. It encrypted over 1,300 configuration records and not only left a self-written ransom note but also included a Bitcoin address for payment. Sysdig has not disclosed the victim's identity. The techniques were fairly ordinary, but what stood out was the speed and transparency: the agent fixed a failed login in 31 seconds, narrating its reasoning in natural-language code comments throughout.

Sponsored Protocol

Future of automated attacks

One initially confusing detail was Clark's statement that 'multiple models were used in the attack,' citing keys for OpenAI, Anthropic, DeepSeek, and Gemini. Upon clarification, he told TechCrunch those keys were part of the loot stolen by the agent, not evidence of what was driving it. 'The agent swept the Langflow host for anything valuable provider API keys, cloud credentials, cryptocurrency wallets, and those provider keys were part of the loot. They don't tell us which model was making decisions.' Sysdig could not identify the specific model driving JadePuffer.

Microsoft researcher Geoff McDonald theorized on LinkedIn that an open-weight model with safety layers stripped was behind the attack, based on his red-teaming experience. Sysdig neither confirms nor rules this out. McDonald warned that ransomware campaigns are now bounded primarily by attacker budget, raising the possibility of 'thousands or tens of thousands of simultaneous campaigns.' However, Clark noted that a human still must choose each victim, provision infrastructure, and obtain database credentials for each operation a significant bottleneck.

Sponsored Protocol

Nonetheless, Clark told CyberScoop that while Sysdig hasn't seen the same operation hit other victims yet, given the low cost of running an agent, he expects that to change. This episode highlights how artificial intelligence is transforming cybersecurity, but also how human involvement remains critical. In a landscape where Europe risks falling behind in AI investment, the need for advanced defenses is more urgent than ever. For a deeper understanding of ransomware, refer to the Wikipedia entry on ransomware.

Source: https://techcrunch.com/2026/07/06/the-first-ai-run-ransomware-attack-still-needed-a-human

Ing. Calogero Bono

> AUTHOR_EXTRACTED

Ing. Calogero Bono

Ingegnere informatico, fondatore di Meteora Web e Zenith OS. System administrator e progettista di piattaforme, app e CMS proprietari, con esperienza in sviluppo full-stack, marketing digitale ed ecosistema Google.
[ Read Full Dossier ]

> METEORA_WEB // DIGITAL AGENCY

We build the digital presence your business deserves.

Websites, social media, online advertising, e-commerce and high-performance hosting, engineered with method by computer engineers in Sciacca, for all of Italy.

> MW_JOURNAL

> READ_ALL()