728 x 90

Cybersecurity firm says it found “first documented case” of AI agent ransomware

Cybersecurity firm says it found “first documented case” of AI agent ransomware

Researchers at Sysdig, a cybersecurity company, say they found a warning sign of where agent AI is headed. Sysdig’s threat research team believes it has found the first documented evidence of agent ransomware, where a large language model orchestrated a complex attack. The team named the attack “Jade Puffer.” “JadePuffer is a warning sign,” Michael

Researchers at Sysdig, a cybersecurity company, say they found a warning sign of where agent AI is headed.

Sysdig’s threat research team believes it has found the first documented evidence of agent ransomware, where a large language model orchestrated a complex attack. The team named the attack “Jade Puffer.”

“JadePuffer is a warning sign,” Michael Clark, director of threat research at Sysdig, wrote in a report. “It’s an indicator of where the art of extortion is headed.”

Clark wrote that Jade Puffer did not use “novel or sophisticated techniques,” but what was notable was how the AI ​​model organized and executed the attack, illustrating that the barrier to entry for future ransomware attacks is now significantly lower.

“The abilities to run ransomware have been reduced to what it costs to run an agent, and if that agent is run with credentials stolen through LLMjacking, the cost to an attacker is close to zero,” he wrote.

The attack itself was targeted, as you would expect from a ransomware attack. Clark wrote that the LLM searched the server for AI API logins, cloud credentials, cryptocurrency wallets, and database credentials.

The AI ​​even generated the ransom note, Clark wrote, “by creating a extortion table (README_RANSOM) containing the demand, a Bitcoin payment address, and a Proton Mail contact.”

Sysdig said it was able to attribute elements of the attack to an AI model based on specific behaviors, including code traces left by the attack on the target server that show telltale signs of AI generation.

“The decoded payloads are packed with natural language comments explaining why each action is performed,” Clark wrote.

Geoff McDonald, a data scientist and cybersecurity researcher at Microsoft, said AI could unleash a wave of similar attacks.

“Ransomware (and destructive) attacks can now scale limited primarily by the attacker’s budget, rather than being limited by their human ability to operate campaigns themselves,” McDonald, senior director of research on Microsoft’s Defender for Endpoint team, wrote on LinkedIn. “There is now little to stop threat actors from operating thousands or tens of thousands of simultaneous campaigns.”

One cybersecurity engineer said one of the most surprising aspects of Jade Puffer was how the AI ​​model adapted its operation in real time, including correcting a bug in just over half a minute.

“He read the error, fixed his own code, and continued. It took 31 seconds,” Oluwatobi Mustapha, a cybersecurity engineer, wrote on X. “I’ve spent more time looking at a typo.”

AI was already sparking a cybersecurity moment before Sysdig discovered evidence of Jade Puffer.

Anthropic and OpenAI have recently released advanced AI models to which they have limited access based on the models’ advanced cybersecurity capabilities. The Trump administration went so far as to impose export controls on Anthropic over concerns about the company’s Claude Mythos 5 and Fable 5 models.

McDonald said the world is not prepared for what is coming.

“This is a transformative moment in cybersecurity that I believe the industry and the world is not prepared for, and I believe it will have big negative results as it accelerates in the coming months,” he wrote.