Close Menu
  • Home
  • AI
  • Entertainment
  • Finance
  • Sports
  • Tech
  • USA
  • World
  • Latest News

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

What's Hot

Toyota to spend $3.6 billion to move Tacoma trucks from Mexico to U.S.

July 7, 2026

Country singer loses 70 pounds

July 7, 2026

Mbappé and FFF hit back at Paraguay’s Amarilla senator over racist abuse | 2026 World Cup News

July 7, 2026
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram Vimeo
BWE News – USA, World, Tech, AI, Finance, Sports & Entertainment Updates
  • Home
  • AI
  • Entertainment
  • Finance
  • Sports
  • Tech
  • USA
  • World
  • Latest News
BWE News – USA, World, Tech, AI, Finance, Sports & Entertainment Updates
Home » The ‘first’ ransomware attack executed by AI still required humans
AI

The ‘first’ ransomware attack executed by AI still required humans

adminBy adminJuly 7, 2026No Comments4 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp VKontakte Email
Share
Facebook Twitter LinkedIn Pinterest Email


Last week, researchers at cloud security company Sysdig announced they had documented the first known case of “agent-based ransomware.” This was an extortion operation called JadePuffer, in which an AI agent, rather than a human, was responsible for the technical execution of a real-world cyber attack from start to finish. The agent infiltrated vulnerable servers, stole credentials, moved through the target’s network, encrypted files, and even wrote its own ransom note, adapting to obstacles along the way like a human hacker. Funding reports describe the fund as operating with “no human oversight” and “no human sitting at the keyboard.”

That’s not the complete picture. In an interview with CyberScoop on Monday, Michael Clark, senior director of threat research at Sysdig, made it clear that humans are still heavily involved in technical execution. “Humans still set up and directed the operation, provisioned the infrastructure behind it, the command and control servers, the staging servers used for the stolen data, and selected the victims,” ​​Clark said. He added that the credentials used to infiltrate the victim’s database were not collected by the AI ​​agent itself. Someone obtained them separately by prior compromise and handed them over to the operation.

None of this contradicts Sysdig’s original claims, and the technical details of the attack are remarkable and even bleak in their own right. The agent gained entry via a known bug in Langflow, a popular open source tool for building LLM apps, and then moved to production MySQL servers and gained administrative access by exploiting another known flaw. It not only encrypted over 1,300 configuration records and left a self-written ransom note, but also a Bitcoin address where the ransom could be sent. Sysdig did not say who was targeted.

The technique was obviously quite ordinary, but what stood out was its speed and transparency. The agent fixed the failed login in 31 seconds, explaining its own reasoning with natural language code comments along the way.

One detail that initially seemed to obscure the situation has since emerged. Clark told CyberScoop that Sysdig discovered that “multiple models were used in the attack,” citing collected keys from OpenAI, Anthropic, DeepSeek, and Gemini. This language left open the question of whether multiple models were actively powering different stages of the invasion. Asked for clarification, Clark told TechCrunch that these keys were simply part of what the agents stole, not evidence of what was driving them.

“Agents wiped out Langflow hosts for valuables such as provider API keys, cloud credentials, cryptocurrency wallets, and database configurations, and those provider keys were part of the loot,” he said in an email. “These show us what the attacker thought was worth acquiring, but we don’t know which model made the decision.”

As for the model actually running JadePuffer, Clark said Sysdig was “unable to determine the specific model driving the agent” and was unable to see its system prompts or configuration.

Microsoft researcher Geoff McDonald’s theory, offered on LinkedIn a few days ago, is worth revisiting in this light. Based on his own Red Team experience showing that Frontier Labs’ security layer was working well, MacDonald suspected that an open-class model, stripped of safety training, was behind the attack rather than the Frontier model. Sysdig’s own account neither confirms nor denies that.

McDonald’s post also warned that ransomware campaigns are now primarily limited by the attacker’s budget rather than human effort, increasing the likelihood of “thousands or tens of thousands of simultaneous campaigns.” This concern is a little difficult to reconcile with what Clark said on Monday. (At least it becomes a bit of a bottleneck if a human still has to select each victim, provision the infrastructure, and obtain database credentials for every operation.)

In any case, Clark told CyberScoop that Sysdig hasn’t seen the same operation hit other victims yet, but he expects that to change given how cheap it is to hire agents.

If you buy through links in our articles, we may earn a small commission. This does not affect editorial independence.



Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp Email
Previous ArticlePenelope Cruz, husband Javier Bardem’s marriage: What she learned
Next Article Stock Market Today: Live Updates
admin
  • Website

Related Posts

Vercel CEO Guillermo Rauch talks about the battle to separate models from agents

July 7, 2026

US investors will soon have access to SK Hynix, another memory maker riding on the AI ​​boom

July 6, 2026

Reddit uses LLM to solve problems that LLM primarily created

July 6, 2026

AI will be named in all major technology layoffs in 2026

July 6, 2026
Leave A Reply Cancel Reply

Our Picks

Newly freed hostages face long road to recovery after two years in captivity

October 15, 2025

Former Kenyan Prime Minister Raila Odinga dies at 80

October 15, 2025

New NATO member offers to buy more US weapons to Ukraine as Western aid dwindles

October 15, 2025

Russia expands drone targeting on Ukraine’s rail network

October 15, 2025
Don't Miss
Entertainment

Country singer loses 70 pounds

By adminJuly 7, 20260

Lizzo just wanted to feel better from head to toe. “Since I started working out…

Penelope Cruz, husband Javier Bardem’s marriage: What she learned

July 7, 2026

Hilary Duff of Bath & Body Works Creates Summer Dreams

July 6, 2026

Matt Damon talks about daughter Alexia Barroso’s Hollywood career

July 6, 2026
About Us
About Us

Welcome to BWE News – your trusted source for timely, reliable, and insightful news from around the globe.

At BWE News, we believe in keeping our readers informed with facts that matter. Our mission is to deliver clear, unbiased, and up-to-date news so you can stay ahead in an ever-changing world.

Our Picks

Cuba suffers nationwide power outage as US pressure continues

July 6, 2026

As NATO meets, Putin considers options in Ukraine and further afield

July 6, 2026

Australian Prime Minister Albanese apologizes for ‘disrespectful’ comments about Kylie Minogue

July 6, 2026

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Facebook X (Twitter) Instagram Pinterest
  • Home
  • About Us
  • Advertise With Us
  • Contact US
  • DMCA
  • Privacy Policy
  • Terms & Conditions
© 2026 bwenews. Designed by bwenews.

Type above and press Enter to search. Press Esc to cancel.