Close Menu
  • Home
  • AI
  • Art & Style
  • Economy
  • Entertainment
  • International
  • Market
  • Opinion
  • Politics
  • Sports
  • Trump
  • US
  • World
What's Hot

Tanker collides near Strait of Hormuz, British Maritime Administration says

July 6, 2026

Student loan servicers begin issuing SAVE plan termination notices

July 6, 2026

President Trump says Balogun is ‘a little questionable’; FIFA defends referee’s red card for Balogun | 2026 World Cup News

July 6, 2026
Facebook X (Twitter) Instagram
Smart Breaking News on AI, Business, Politics & Global Trends | WhistleBuzz
Facebook X (Twitter) Instagram
  • Home
  • AI
  • Art & Style
  • Economy
  • Entertainment
  • International
  • Market
  • Opinion
  • Politics
  • Sports
  • Trump
  • US
  • World
Smart Breaking News on AI, Business, Politics & Global Trends | WhistleBuzz
Home » The ‘first’ ransomware attack executed by AI still required humans
AI

The ‘first’ ransomware attack executed by AI still required humans

Editor-In-ChiefBy Editor-In-ChiefJuly 6, 2026No Comments4 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Telegram Email Copy Link
Follow Us
Google News Flipboard
Share
Facebook Twitter LinkedIn Pinterest Email


Last week, researchers at cloud security company Sysdig announced they had documented the first known case of “agent-based ransomware.” This was an extortion operation called JadePuffer, in which an AI agent, rather than a human, was responsible for the technical execution of a real-world cyber attack from start to finish. The agent infiltrated vulnerable servers, stole credentials, moved through the target’s network, encrypted files, and even wrote its own ransom note, adapting to obstacles along the way like a human hacker. Funding reports describe the fund as operating with “no human oversight” and “no human sitting at the keyboard.”

That’s not the complete picture. In an interview with CyberScoop on Monday, Michael Clark, senior director of threat research at Sysdig, made it clear that humans are still heavily involved in technical execution. “Humans still set up and directed the operation, provisioned the infrastructure behind it, the command and control servers, the staging servers used for the stolen data, and selected the victims,” ​​Clark said. He added that the credentials used to infiltrate the victim’s database were not collected by the AI ​​agent itself. Someone obtained them separately by prior compromise and handed them over to the operation.

None of this contradicts Sysdig’s original claims, and the technical details of the attack are remarkable and even bleak in their own right. The agent gained entry via a known bug in Langflow, a popular open source tool for building LLM apps, and then moved to production MySQL servers and gained administrative access by exploiting another known flaw. It not only encrypted over 1,300 configuration records and left a self-written ransom note, but also a Bitcoin address where the ransom could be sent. Sysdig did not say who was targeted.

The technique was obviously quite ordinary, but what stood out was its speed and transparency. The agent fixed the failed login in 31 seconds, explaining its own reasoning with natural language code comments along the way.

One detail that initially seemed to obscure the situation has since emerged. Clark told CyberScoop that Sysdig discovered that “multiple models were used in the attack,” citing collected keys from OpenAI, Anthropic, DeepSeek, and Gemini. This language left open the question of whether multiple models were actively powering different stages of the invasion. Asked for clarification, Clark told TechCrunch that these keys were simply part of what the agents stole, not evidence of what was driving them.

“Agents wiped out Langflow hosts for valuables such as provider API keys, cloud credentials, cryptocurrency wallets, and database configurations, and those provider keys were part of the loot,” he said in an email. “These show us what the attacker thought was worth acquiring, but we don’t know which model made the decision.”

As for the model actually running JadePuffer, Clark said Sysdig was “unable to determine the specific model driving the agent” and was unable to see its system prompts or configuration.

Microsoft researcher Geoff McDonald’s theory, offered on LinkedIn a few days ago, is worth revisiting in this light. Based on his own Red Team experience showing that Frontier Labs’ security layer was working well, MacDonald suspected that an open-class model, stripped of safety training, was behind the attack rather than the Frontier model. Sysdig’s own account neither confirms nor denies that.

McDonald’s post also warned that ransomware campaigns are now primarily limited by the attacker’s budget rather than human effort, increasing the likelihood of “thousands or tens of thousands of simultaneous campaigns.” This concern is a little difficult to reconcile with what Clark said on Monday. (At least it becomes a bit of a bottleneck if a human still has to select each victim, provision the infrastructure, and obtain database credentials for every operation.)

In any case, Clark told CyberScoop that Sysdig hasn’t seen the same operation hit other victims yet, but he expects that to change given how cheap it is to hire agents.

If you buy through links in our articles, we may earn a small commission. This does not affect editorial independence.



Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Editor-In-Chief
  • Website

Related Posts

Vercel CEO Guillermo Rauch talks about the battle to separate models from agents

July 6, 2026

US investors will soon have access to SK Hynix, another memory maker riding on the AI ​​boom

July 6, 2026

Reddit uses LLM to solve problems that LLM primarily created

July 6, 2026
Add A Comment

Comments are closed.

News

President Trump says Balogun is ‘a little questionable’; FIFA defends referee’s red card for Balogun | 2026 World Cup News

By Editor-In-ChiefJuly 6, 2026

In response to Trump’s comments, FIFA announced that Rafael Klaus is “one of the world’s…

“MAGA agenda on display”: FIFA condemns President Trump over Balogun red card incident | 2020 2026 World Cup News

July 6, 2026

‘Winning is a stain’: American reaction to FIFA and Balogun controversy 2026 World Cup News

July 6, 2026
Top Trending

The ‘first’ ransomware attack executed by AI still required humans

By Editor-In-ChiefJuly 6, 2026

Last week, researchers at cloud security company Sysdig announced they had documented…

Vercel CEO Guillermo Rauch talks about the battle to separate models from agents

By Editor-In-ChiefJuly 6, 2026

Known for its cloud infrastructure that allows developers to deploy agents without…

US investors will soon have access to SK Hynix, another memory maker riding on the AI ​​boom

By Editor-In-ChiefJuly 6, 2026

South Korean memory chip maker SK Hynix, a rival to Samsung and…

Subscribe to News

Subscribe to our newsletter and never miss our latest news

Welcome to WhistleBuzz.com (“we,” “our,” or “us”). Your privacy is important to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://whistlebuzz.com/ (the “Site”). Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it.

Facebook X (Twitter) Instagram Pinterest YouTube

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Advertise With Us
  • Contact US
  • DMCA Policy
  • Privacy Policy
  • Terms & Conditions
  • About US
© 2026 whistlebuzz. Designed by whistlebuzz.

Type above and press Enter to search. Press Esc to cancel.