Home NATIONAL NEWS Researchers track down world’s first AI agent ransomware attack, here’s what you...

Researchers track down world’s first AI agent ransomware attack, here’s what you should know

2
0

Source : INDIA TODAY NEWS

Ever since AI tools have become mainstream, there have been fears over the potential impact AI could have in different areas, particularly cybersecurity. Such concerns were only increased when Anthropic claimed that its Mythos AI model was too dangerous to release to the public. Last week, it seemed that this fear around AI was turning out to be true as researchers at cloud security firm Sysdig reported what they described as the first documented case of “agentic ransomware” – where an AI agent autonomously carried out a cyberattack. However, researchers say that a human was still needed to actually set up the AI agent for the attack.

advertisement

The operation, tracked as JadePuffer, exploited a known vulnerability in Langflow – an open source platform for building AI apps. This allowed the AI agent to carry out the entire cyberattack on its own from start to finish, including creating its own ransom note. Initially, this had raised concerns that no human was actually behind the attack, with the AI doing everything by itself.

A human behind cyberattack by AI

However, Sysdig has since clarified that the attack was not fully human-free. Michael Clark, the company’s senior director of threat research, told CyberScoop that a human was still needed for such an attack to take place. “A human still set up and pointed the operation and provisioned the infrastructure behind it, the command-and-control server, the staging server used for the stolen data and chose a victim,” Clark explained.

That is, while the AI agent could autonomously function during the attack, it needed a human that actually did the foundational work behind the scenes. The human ran the servers necessary for the attack, and chose the victim as well.

This is not to say that the incident was not notable. According to Michael Clark, the AI agent was able to solve problems without needing human oversight throughout the operation. “The model closed loops that used to require a skilled human,” Clark said. Keep in mind that it is unclear which AI model was actually used for the attack.

In particular, the AI agent was able to fix a login within 31 seconds, while narrating its reasoning in natural language. Michael Clark explained, “The 31-second failure-to-fix cycle on the Nacos backdoor is the clearest example of where agentic AI gave the attacker an advantage. The agent read the error, switched its approach from subprocess calls to direct library imports, and redeployed at a speed no human matches.”

Nacos is an open-source development platform made by Alibaba that allows you to manage different applications.

What was the attack?

According to Sysdig, the attack took place in late June 2026. The AI-aided operation gained initial access by exploiting a Langflow flaw, before moving towards its intended target – a production server running MySQL and Alibaba Nacos. MySQL is an open-source data management system.

advertisement

From there, the agent moved through the environment and escalated access. All of this happened as the AI agent made its own decisions without having to rely on human prompts.

The agent also searched the Langflow host for valuable material, including provider API keys, cloud credentials, cryptocurrency wallets and database configurations. The attack ultimately reached the victim’s MySQL server using root credentials that, Sysdig said, were not stolen from that environment during the intrusion. Clark said this indicated that a person had already obtained the credentials elsewhere and handed them to the agent before the operation.

Once inside, the agent encrypted more than 1,300 configuration records, wrote its own ransom note and left behind a Bitcoin address for payment. Sysdig has not identified the victim.

After the attack was completed, it was found that the key needed to unlock the data was not actually saved anywhere. That is, even if a victim paid, there would be no way to recover the encrypted data.

AI ransomware attacks now a reality?

According to Microsoft researcher Geoff McDonald, an open-weight model with stripped-down safety training, rather than a frontier model, may have been behind this incident. McDonald also warned that ransomware campaigns could become limited mainly by attacker budgets rather than human effort, opening the possibility of thousands of simultaneous operations.

advertisement

Though Sysdig says that JadePuffer appears to be a financially motivated threat actor with no clear overlap to known ransomware groups or nation states. Michael Clark stated that while there have been no similar incidents yet, “given how cheap this agentic ransomware operation is to run, I would expect this will not be the last.”

Do note that governments around the world have become alarmed over the potential threats related to AI tools when it comes to cybersecurity. The US previously restricted access to Anthropic’s Mythos 5 and Fable 5 models for foreigners based on similar concerns.

– Ends

Published By:

Armaan Agarwal

Published On:

Jul 7, 2026 09:39 IST

SOURCE :- TIMES OF INDIA