Close Menu

    Stay Ahead with Exclusive Updates!

    Enter your email below and be the first to know what’s happening in the ever-evolving world of technology!

    What's Hot

    Accenture Confirmed a Breach After a Hacker Listed 35GB of Its Source Code for Sale. The Company Whose Entire Business Is Securing Others Just Became the Most Embarrassing Cautionary Tale in Cybersecurity.

    July 18, 2026

    Researchers Just Documented the First AI-Powered Ransomware That Rewrites Itself Mid-Attack. JadePuffer Does Not Wait to Be Stopped. It Adapts Before You Can.

    July 18, 2026

    Apple Just Locked In Its Most Important Chip Partnership Until 2031. Here Is What the Broadcom Extension Reveals About How Serious Apple Is About Owning Its Own Silicon Future

    July 18, 2026
    Facebook X (Twitter) Instagram
    Facebook X (Twitter)
    PhronewsPhronews
    • Home
    • Big Tech & Startups

      Apple Just Locked In Its Most Important Chip Partnership Until 2031. Here Is What the Broadcom Extension Reveals About How Serious Apple Is About Owning Its Own Silicon Future

      July 18, 2026

      AI Has Spent Three Years Getting Smarter for People Who Can Already Afford It. Nokia Just Changed That and the Implications Go Further Than Anyone Is Crediting

      July 18, 2026

      Samsung Is About to Show Its Next Foldable Phones and the Market It Is Competing In Has Never Been More Crowded. Here Is What Galaxy Unpacked 2026 Needs to Deliver

      July 18, 2026

      CISA Just Handed Anthropic’s Most Powerful Model the Keys to Government Software. What Happens When AI Finds the Bugs That Human Auditors Missed.

      July 17, 2026

      SpaceXAI Released Grok 4.5 the Same Week as GPT-5.6. The Timing Is Not a Coincidence and the Price Gap Is the Real Story.

      July 17, 2026
    • Crypto

      Market Collapse: What Happened to NFTs?

      April 23, 2026

      Quantum Computing Advances Force Coinbase and Institutional Custodians to Rethink Crypto Security

      March 8, 2026

      AI Assisted Hacking Groups Target Crypto Firms With Multi-Layered Social Engineering

      February 18, 2026

      Global Crypto Regulations Expand as 2026 Begins With New Data Collection Frameworks and National Laws

      January 16, 2026

      Coinbase Bets on Stablecoin and On-Chain Growth as Key Market Drivers in 2026 Strategy

      January 10, 2026
    • Gadgets & Smart Tech
      Featured

      AI Has Spent Three Years Getting Smarter for People Who Can Already Afford It. Nokia Just Changed That and the Implications Go Further Than Anyone Is Crediting

      By fariehanJuly 18, 2026
      Recent

      AI Has Spent Three Years Getting Smarter for People Who Can Already Afford It. Nokia Just Changed That and the Implications Go Further Than Anyone Is Crediting

      July 18, 2026

      Samsung Is About to Show Its Next Foldable Phones and the Market It Is Competing In Has Never Been More Crowded. Here Is What Galaxy Unpacked 2026 Needs to Deliver

      July 18, 2026

      Tesla Just Launched Its Robotaxi in Miami with No Safety Monitor Inside the Car

      July 14, 2026
    • Cybersecurity & Online Safety

      Accenture Confirmed a Breach After a Hacker Listed 35GB of Its Source Code for Sale. The Company Whose Entire Business Is Securing Others Just Became the Most Embarrassing Cautionary Tale in Cybersecurity.

      July 18, 2026

      Researchers Just Documented the First AI-Powered Ransomware That Rewrites Itself Mid-Attack. JadePuffer Does Not Wait to Be Stopped. It Adapts Before You Can.

      July 18, 2026

      Hackers Stole 630GB of Apple and Tesla Manufacturing Secrets from Tata Electronics. The Breach Confirms Everything Supply Chain Security Experts Have Warned About for Years.

      July 9, 2026

      Apple Just Pushed an Unscheduled Security Update Because AI-Powered Attacks Are Moving Faster Than Its Normal Patch Cycle Can Handle

      July 6, 2026

      Buying World Cup Tickets Online? Scammers Are Already Waiting. Here Is How to Protect Yourself for the Rest of the Tournament.

      July 4, 2026
    PhronewsPhronews
    Home»Artificial Intelligence & The Future»Researchers Just Documented the First AI-Powered Ransomware That Rewrites Itself Mid-Attack. JadePuffer Does Not Wait to Be Stopped. It Adapts Before You Can.
    Artificial Intelligence & The Future

    Researchers Just Documented the First AI-Powered Ransomware That Rewrites Itself Mid-Attack. JadePuffer Does Not Wait to Be Stopped. It Adapts Before You Can.

    preciousBy preciousJuly 18, 2026No Comments
    Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Tumblr Email
    Share
    Facebook Twitter LinkedIn Pinterest Email
    Photo Credit: Sysdig

    Cybersecurity researchers have documented what they describe as the first known case of agentic ransomware, an attack in which an AI agent carried out the technical steps of a ransomware operation and adjusted its actions when something failed.

    Considered an agentic threat actor (ATA), JadePuffer was analyzed by Sysdig’s Threat Research Team. According to the researchers, the AI agent exploited a known vulnerability in an internet-facing Langflow instance, moved through the victim’s environment, encrypted data, and generated a ransom note.

    How JadePuffer Entered The System

    The attack began with the exploitation of CVE-2025-3248, a missing-authentication flaw in Langflow that allowed unauthenticated remote code execution. Once inside, the AI agent conducted reconnaissance and searched the environment for valuable credentials.

    Sysdig reported that the agent harvested API keys, cloud credentials, database configurations, and cryptocurrency wallet information. The company’s research team also noted that the techniques used were not new, and that the significance of the incident remains the way the AI agent combined these steps into a continuous attack chain.

    The Self-Correction Moment

    One detail drew particular attention from researchers. During the intrusion, the AI agent encountered a failed login attempt. Instead of stopping or waiting for human intervention, it diagnosed the problem, rewrote the exploit code, and retried the authentication process successfully in about 31 seconds.

    This behavior is why JadePuffer has been described as adaptive. The agent did not simply execute a fixed script; it responded to an obstacle, modified its approach, and continued the attack.

    What the Attack Accomplished

    After gaining further access, the AI agent moved laterally through the target’s network and established persistence. It then targeted a production database server and executed a destructive extortion playbook.

    Sysdig said the operation encrypted 1,342 configuration records, dropped database tables, and left behind a ransom note generated by the AI agent. The ransom note included payment instructions and a cryptocurrency address.

    The researchers also observed that the attack involved more than 600 distinct payloads during a compressed time frame. Many of these payloads included natural-language commentary that explained the agent’s reasoning as it selected targets and carried out actions.

    Why Researchers Say it Matters

    What made this JadePuffer case notable was the automation of the decision-making process. The AI agent was able to plan, execute, and adjust the technical stages of the ransomware operation without a human operator manually directing each individual step.

    Researchers have also clarified that the attack was not fully autonomous from start to finish. A human was still involved in selecting the target and preparing the attack infrastructure before the AI agent began its technical execution.

    That distinction is important because it shows the current state of AI-assisted cyberattacks. JadePuffer demonstrates that while AI can automate and adapt portions of a ransomware campaign, it does not eliminate human involvement entirely.

    What Organizations Should Focus On

    The JadePuffer case highlights the importance of basic security practices. Organizations should prioritize patching known vulnerabilities, restricting access to internet-facing services, securing credentials, and monitoring for unusual behavior in runtime environments.

    Because adaptive AI-driven attacks can modify their approach during execution, researchers say behavioral detection and runtime monitoring may become increasingly important for identifying threats that do not match known static signatures.

    JadePuffer serves as a documented example of how AI is beginning to change the speed and adaptability of ransomware operations.

    Agentic Ransomware AI cybersecurity CVE-2025-3248 JadePuffer Langflow LLM Agent Nacos Sysdig Threat Research
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Telegram Email
    precious
    • LinkedIn

    I’m Precious Amusat, Phronews’ Content Writer. I conduct in-depth research and write on the latest developments in the tech industry, including trends in big tech, startups, cybersecurity, artificial intelligence and their global impacts. When I’m off the clock, you’ll find me cheering on women’s footy, curled up with a romance novel, or binge-watching crime thrillers.

    Related Posts

    Accenture Confirmed a Breach After a Hacker Listed 35GB of Its Source Code for Sale. The Company Whose Entire Business Is Securing Others Just Became the Most Embarrassing Cautionary Tale in Cybersecurity.

    July 18, 2026

    AI Has Spent Three Years Getting Smarter for People Who Can Already Afford It. Nokia Just Changed That and the Implications Go Further Than Anyone Is Crediting

    July 18, 2026

    Samsung Is About to Show Its Next Foldable Phones and the Market It Is Competing In Has Never Been More Crowded. Here Is What Galaxy Unpacked 2026 Needs to Deliver

    July 18, 2026

    Comments are closed.

    Top Posts

    Coinbase responds to hack: customer impact and official statement

    May 22, 2025

    Anthropic Will Use Claude User Chats For Data Training

    October 16, 2025

    Cursor AI Hits 1 Million Daily Users. Why Developers Are Switching to This Coding Tool

    March 23, 2026

    MIT Study Reveals ChatGPT Impairs Brain Activity & Thinking

    June 29, 2025
    Don't Miss
    Cybersecurity & Online Safety

    Accenture Confirmed a Breach After a Hacker Listed 35GB of Its Source Code for Sale. The Company Whose Entire Business Is Securing Others Just Became the Most Embarrassing Cautionary Tale in Cybersecurity.

    By preciousJuly 18, 2026

    A hacker’s post on a cybercrime forum has put one of the world’s biggest technology…

    Researchers Just Documented the First AI-Powered Ransomware That Rewrites Itself Mid-Attack. JadePuffer Does Not Wait to Be Stopped. It Adapts Before You Can.

    July 18, 2026

    Apple Just Locked In Its Most Important Chip Partnership Until 2031. Here Is What the Broadcom Extension Reveals About How Serious Apple Is About Owning Its Own Silicon Future

    July 18, 2026

    AI Has Spent Three Years Getting Smarter for People Who Can Already Afford It. Nokia Just Changed That and the Implications Go Further Than Anyone Is Crediting

    July 18, 2026
    Stay In Touch
    • Facebook
    • Twitter
    About Us
    About Us

    Evolving from Phronesis News, Phronews brings deep insight and smart analysis to the world of technology. Stay informed, stay ahead, and navigate tech with wisdom.
    We're accepting new partnerships right now.

    Email Us: info@phronews.com

    Facebook X (Twitter) Pinterest YouTube
    Our Picks
    Most Popular

    Coinbase responds to hack: customer impact and official statement

    May 22, 2025

    Anthropic Will Use Claude User Chats For Data Training

    October 16, 2025

    Cursor AI Hits 1 Million Daily Users. Why Developers Are Switching to This Coding Tool

    March 23, 2026
    © 2025. Phronews.
    • Home
    • About Us
    • Get In Touch
    • Privacy Policy
    • Terms and Conditions

    Type above and press Enter to search. Press Esc to cancel.