AI agent hacks systems without human help
What's the story
In a major development, researchers have discovered an AI agent called JADEPUFFER capable of executing ransomware attacks on its own. The autonomous threat actor exploited a critical vulnerability to gain access to systems and launch an attack. This marks the first documented instance of such an advanced cyberattack being carried out entirely by a large language model (LLM).
AI prowess
JADEPUFFER can plan and execute attacks
JADEPUFFER is a sophisticated AI agent that can plan and execute an entire ransomware attack without human intervention. It can reason about its targets, harvest and reuse credentials, move laterally within a network, establish persistence, and even destroy a database. The researchers behind this discovery have warned that JADEPUFFER is a sign of where extortion tradecraft is heading in the future.
Attack evolution
AI agent adapted to challenges during attack
The AI agent exploited CVE-2025-3248, a critical vulnerability in an internet-facing Langflow server, to gain access. Once inside, it began gathering information about the host and scanning for cloud credentials. It even scanned the victim's internal network for other systems. What stood out was its ability to adapt when things didn't go as planned. When it couldn't access a backdoor administrator account, it diagnosed the problem and created a new account with a different password within 31 seconds.
Future implications
Threat actors could use AI to launch attacks
The researchers believe this incident shows that AI agents could make sophisticated cyberattacks accessible to less-skilled threat actors. They could also significantly speed up the exploitation of known vulnerabilities. "None of the individual techniques were novel or sophisticated. What is notable, however, is that an AI model strung them together into a complete ransomware operation against neglected internet-facing infrastructure," they said in their report.