The cybersecurity company Sysdig discovered the ransomware attack named JadePuffer, which represents what they consider to be the first such attack to employ an artificial intelligence agent during its execution.
How JadePuffer Works
This attack utilizes an AI agent to adjust to issues encountered during the intrusion, mimicking how a human would handle obstacles. The agent has the capability to identify targets, steal credentials, perform lateral movement, establish persistence, elevate privileges, and finally, encrypt data.
JadePuffer exploits an existing vulnerability in the Langflow tool, specifically identified as CVE-2025-3248, which has already been patched. However, systems must keep their updates current to ensure protection against this security flaw.
Execution and Data Collection
This breach allows attackers to execute remote Python code. The AI agent then begins searching and collecting sensitive information, such as API keys from AI providers, cryptocurrency wallets, and database credentials. It demonstrates adaptability to the format of the obtained data, whether in XML or JSON.
