AI Attack
Posted by DiabloChops on 07/04/2026 at 05:09 PM
Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted entirely by a large language model (LLM) agent, undoubtedly AI.
JadePuffer used an autonomous AI agent for reconnaissance on the target, to steal credentials, move laterally, establish persistence, escalate privileges, and to encrypt data.
The researchers say that the AI agent adapted to failures during the intrusion, much like a human operator would handle obstacles.
The vendor fixed the flaw on April 1, 2025, and in early May of the same year, CISA tagged it as exploited in attacks targeting internet-exposed endpoints, usually deployed with minimal hardening but containing cloud credentials and API keys.
The Bitcoin address listed in the ransom note is an example address widely used in public documentation, possibly the result of the LLM reproducing it from the training data.
Other signs that AI was controlling the attack include detailed natural-language comments in the generated code describing operational reasoning and rapid attack iteration that considers the specific errors encountered, rather than being simple retries.
The age of “agentic threat actors” (ATAs) has arrived, lowering the skill required for conducting damaging cyberattacks.
Comments
No comments yet.
Sign in or create an account to reply to this discussion.