Back Issues This Week → Calendar → Current Issue → Popular →

All issuesVolume 340, Issue 1IT Vendor NewsSysdig

JADEPUFFER: Agentic Ransomware for Automated Database Extortion

Sysdig, Wednesday, July 1st, 2026

Sysdig documents JADEPUFFER, what it believes is the first fully autonomous, LLM-driven ransomware attack.

The Sysdig Threat Research Team documented JADEPUFFER, believed to be the first known instance of fully autonomous ransomware driven entirely by an LLM.

The actor exploited a Langflow vulnerability for initial access, then harvested credentials, performed reconnaissance, and executed a destructive attack against a production database. The operation showed autonomous, self-correcting behavior, notably fixing a failed admin account creation within 31 seconds without human intervention, before encrypting a victim's Nacos configurations and destroying multiple databases.

Researchers warn this lowers the barrier to entry, noting the skill floor for running ransomware has dropped to whatever it costs to run an agent, expanding the attack surface across neglected internet-exposed infrastructure.

more →  ·  More from Sysdig →