Cybersecurity
Business Insiderabout 2 hours ago
0

Cybersecurity firm says it found 'the first documented case' of AI agentic ransomware

AI

Sysdig researchers documented what they believe is the first agentic AI ransomware attack, named Jade Puffer, where an LLM autonomously orchestrated a targeted extortion campaign.

Cybersecurity firm says it found 'the first documented case' of AI agentic ransomware

Intelligence Insights

Context + impact, normalized for TechCulture.

The Big Picture
Sysdig's Threat Research Team reported the first documented case of agentic ransomware, dubbed Jade Puffer, where a large language model autonomously executed a complex attack. The AI swept servers for credentials, generated a ransom note with Bitcoin address and contact, and adapted in real time—fixing an error in 31 seconds. The attack used no novel techniques but demonstrated how AI lowers the barrier to entry, enabling attackers to scale campaigns without human expertise. Experts warn this marks a transformative moment in cybersecurity, with potential for thousands of simultaneous attacks limited only by budget.
Why It Matters
This first documented case of AI agentic ransomware marks a turning point in cybersecurity, where AI lowers the barrier to entry for sophisticated attacks. Attackers can now orchestrate complex ransomware campaigns with minimal skill and cost, potentially scaling to thousands of simultaneous operations. The AI's ability to adapt in real-time, as seen when it fixed its own code in 31 seconds, signals a new era where human limitations no longer constrain cyber threats. This shift demands urgent industry-wide preparedness, as traditional defenses may be overwhelmed by AI-driven attacks.

Deepen your understanding

Use our AI to break down complex signals.

Select an AI action to generate more depth.

A stock image of hands typing at a keyboard
A stock image of hands typing at a keyboard
Cybersecurity researchers say AI has lowered the barrier to entry to conducting ransomware attacks.

d3sign/Getty Images

  • Cybersecurity researchers say they have evidence of a major moment in AI.
  • Researchers at Sysdig believe they have documented the first agentic AI ransomware attack.
  • Sysdig said the attack shows that AI can make launching ransomware attacks much easier.

Researchers at Sysdig, a cybersecurity firm, say they found a warning sign of where agentic AI is headed.

The Sysdig Threat Research Team believes it has found the first documented evidence of agentic ransomware, where a large language model orchestrated a complex attack. The team called the attack "Jade Puffer."

"JadePuffer is a warning sign," Michael Clark, Sysdig's director of threat research, wrote in a report. "It's a marker of where extortion tradecraft is heading."

Clark wrote that Jade Puffer didn't use "novel or sophisticated techniques," but what was notable was how the AI model organized and executed the attack, illustrating that the barrier to entry for future ransomware attacks is now significantly lower.

"The skill floor for running ransomware has dropped to whatever it costs to run an agent, and if that agent is running on stolen credentials through LLMjacking, the cost to an attacker is close to zero," he wrote.

The attack itself was targeted, as one would expect for a ransomware attack. Clark wrote that the LLM swept the server for logins to AI APIs, cloud credentials, cryptocurrency wallets, and database credentials.

The AI even generated the ransom note, Clark wrote, by "creating an extortion table (README_RANSOM) containing the demand, a Bitcoin payment address, and a Proton Mail contact."

Sysdig said it was able to attribute elements of the attack to an AI model based on specific behaviors, including traces of code left by the attack on the targeted server that show telltale signs of AI generation.

"The decoded payloads are saturated with natural-language commentary explaining why each action is taken," Clark wrote.

Geoff McDonald, a data scientist and cybersecurity researcher at Microsoft, said AI could unleash a wave of similar attacks.

"Ransomware (and destructive) attacks can now scale bounded primarily by attacker budget - instead of being bounded by their human ability to operate campaigns themselves," McDonald, principal research manager on Microsoft's Defender for Endpoint team, wrote on LinkedIn. "There is now little stopping threat actors from operating thousands or tens of thousands of simultaneous campaigns."

One cybersecurity engineer said one of the most striking aspects of Jade Puffer was how the AI model adapted its operation in real time, including fixing an error in just over half a minute.

"It read the error, fixed its own code and carried on. Took 31 seconds," Oluwatobi Mustapha, a cybersecurity engineer, wrote on X. "I've spent longer than that staring at a typo."

AI was already sparking a cybersecurity moment before Sysdig uncovered evidence of Jade Puffer.

Anthropic and OpenAI have both recently released advanced AI models that they have limited access to based on the models' advanced cybersecurity capabilities. The Trump administration went so far as to impose export controls on Anthropic due to concerns about the firm's Claude Mythos 5 and Fable 5 models.

McDonald said the world is not ready for what's coming.

"This is a transformative moment in cybersecurity that in my opinion the industry and world is not ready for, and I believe will have great negative outcomes as it accelerates over these next few months," he wrote.

Read the original article on Business Insider
Big Tech AI Cybersecurity Policy Ransomware

Intelligence Exchange

0

Log in to participate in the exchange.

Sign In

Syncing Discussions...

Finding Related Intelligence...
Cybersecurity firm says it found 'the first documented case' of AI agentic ransomware | TechCulture