For the first time, threat actors have deployed agentic ransomware that independently managed an extensive extortion operation. Researchers at Sysdig documented an attack in late June 2026 where an AI agent orchestrated reconnaissance, credential theft, lateral movement, persistence, encryption, data destruction, and the delivery of a ransom note.
While the AI agent did not successfully complete every phase of the attack, its involvement significantly streamlined the process for the threat actor, identified as JadePuffer. This allowed for a reduction in complexity and an acceleration of the attack tempo, providing operational advantages to the attacker.
The Rise of Agentic Ransomware
This incident marks a significant evolution in cybercrime tactics, with artificial intelligence playing a central role in coordinating attack chains. “We have seen attackers script attacks for years, and we have seen AI speed up individual steps of attack chains,” stated Michael Clark, senior director of threat research at Sysdig. However, this specific attack was “driven end-to-end by the model’s own decision-making, rather than a human at the keyboard,” he explained.
How the AI Agent Operated
The AI-aided attack gained initial access by exploiting a vulnerability in Langflow (CVE-2025-3248). From there, the agent proceeded to its target: a production server running MySQL and Alibaba Nacos. Sysdig researchers noted several factors that contributed to this being the first documented instance of agentic ransomware.
The payloads used in the attack contained clear descriptions of their objectives and identified high-value databases, details that large language models typically annotate by default. The AI agent demonstrated a rapid ability to diagnose and overcome obstacles. In one instance, it rede

