
Sysdig documented the first ransomware op run entirely by an AI agent (JADEPUFFER) — thoughts on detection at this speed?
Sysdig's TRT published a report on JADEPUFFER, which they're calling the first fully agentic ransomware operation. Entry via Langflow CVE-2025-3248 (missing auth, patched since May 2025, CVSS 9.8). Once in, the agent harvested LLM provider keys + cloud creds, dumped Postgres, then pivoted to a production MySQL/Nacos box via a 2021 auth bypass and encrypted 1,342 config items — never saving the encryption key, so it's unrecoverable regardless of payment.
What stood out to me technically: the agent adapted mid-attack — rewrote a parser on the fly when it got XML instead of expected JSON, and reportedly fixed a failed login in ~31 seconds. None of the individual techniques are new. The orchestration speed is the whole story.
Open question for the sub: if detection tooling is tuned for human-paced dwell time, how much of current SOC playbook logic actually holds up against an adversary iterating in seconds instead of hours?
https://www.techgines.com/post/jadepuffer-ai-ransomware-langflow-cve-2025-3248
I previously covered a related Langflow RCE (CVE-2026-33017) here if you want more background: https://www.techgines.com/post/cisa-confirms-langflow-rce-cve-2026-33017-attackers-had-working-exploits-before-the-world-had-a-poc