AI Ransomware That Adapted on the Fly, What JadePuffer Reveals About the Next Threat

A new ransomware operation reportedly shows how far automated attacks may have progressed. Sysdig says the campaign, called JadePuffer, could plan, adjust, and carry out steps on its own with the help of an AI agent built on a large language model.

If that assessment holds, the threat landscape is shifting in a serious way. The most striking detail is not just that the malware acted automatically, but that it appeared able to learn from failures and change tactics without waiting for a human operator.

How the intrusion began

Sysdig said the campaign started by exploiting CVE-2025-3248, a remote code execution flaw in Langflow. The vulnerability had already been patched in April 2025 and later appeared on CISA’s list of known exploited vulnerabilities.

Once inside the target environment, the AI agent followed a familiar ransomware playbook. It gathered host information, searched for credentials and sensitive files, extracted cloud secrets, mapped storage resources, and moved laterally across other systems in the victim’s infrastructure.

JadePuffer Attack PhaseObserved Activity
Initial accessExploited CVE-2025-3248 in Langflow
ReconnaissanceCollected host data, credentials, and sensitive files
Data extractionPulled cloud secrets and mapped storage
Lateral movementReached other systems in the victim environment
PersistenceCreated a scheduled cron job to stay active

Why researchers say it looks AI-generated

One of the strongest signals came when the agent ran into an unexpected XML response while trying to access MinIO object storage. Instead of stopping, it modified its parsing logic and tried another method until it succeeded.

In another case, a login attempt failed, but the malware corrected the mistake and retried authentication in about 31 seconds without human help. Sysdig also noted that the ransom note included unusually detailed natural-language comments, as if the system were explaining its own actions.

Encryption, account abuse, and the ransom note

After gaining broader access, JadePuffer established persistence through a scheduled cron job. It then moved to a production server running Alibaba Nacos and exploited CVE-2021-29441 to create an illegal administrator account.

That access was used to encrypt 1,342 Nacos configuration records, delete the originals, and replace them with a ransom note demanding bitcoin. The note also contained what researchers described as highly detailed commentary on the logic behind each step.

There are also signs that the operation may have been generated by AI. The bitcoin wallet address in the note pointed to a sample wallet commonly used in documentation rather than a real payment address.

Sysdig further said the malware claimed to use AES-256 encryption, but analysis suggested it was more likely using AES-128 in ECB mode. That mismatch is one of several reasons the campaign is being treated as a likely AI-produced operation.

A more automated threat, but still built on old weaknesses

JadePuffer does not appear to have invented a new exploit technique, but its level of automation marks a major step forward. The AI behind the attack could perform reconnaissance, increase privileges, maintain persistence, and deploy ransomware without needing instructions at every stage.

Sysdig said the case is evidence that agentic AI-enabled threats are now real. At the same time, the unusual behavior and coding style may also give security teams new ways to detect similar malware more effectively.

The incident reinforces the need to patch exploited vulnerabilities quickly, keep internet-facing systems updated, and secure cloud credentials. Even in the age of AI-driven attacks, basic defenses remain the most important layer of protection.

Source: www.beritasatu.com
Related