Researchers Document First Ransomware Attack Run Almost Entirely by AI

Oscar Hird
By

Security researchers have documented what they describe as the first fully autonomous AI-run ransomware attack, in which a large language model agent independently carried out nearly every stage of a cyberattack after a human operator selected the initial target and set up the surrounding infrastructure.

Sysdig’s Threat Research Team published its full analysis of the campaign, dubbed JADEPUFFER, between July 4 and July 6. According to the report, once the attack began, an AI agent drove reconnaissance, credential harvesting, lateral movement across the compromised network, privilege escalation, persistence, database encryption, data destruction and ransom note generation without a human directing each individual step.

TechCrunch, which first covered the findings, described the case with a specific qualifier that the AI-run attack still needed a human. Sysdig researcher Crystal Clark clarified that API keys for OpenAI, Anthropic, DeepSeek and Gemini found in the incident logs were credentials the AI agent stole from the compromised environment during credential harvesting, not the models that were actually powering the attack. Sysdig said it was unable to determine which specific model drove the agent’s decision-making.

The disclosure follows a pattern of escalating AI-enabled cyberattacks documented over the past several months. Anthropic disclosed in November 2025 what it described as the first largely autonomous AI cyberattack.

A Chinese state-linked espionage campaign in which Claude Code handled an estimated 80% to 90% of tactical operations independently, targeting technology, financial services, chemical manufacturing and government organizations across multiple countries.

In early 2026, a North Korean-linked group tracked as Famous Chollima deployed AI-generated malicious code packages targeting cryptocurrency wallets. In March, another group compromised several open-source software supply chains on GitHub. Security researchers regard JADEPUFFER as the most advanced case to date in that progression.

A report from security firm HiddenLayer, cited alongside the JADEPUFFER findings, found that autonomous AI agents now account for roughly 1 in 8 reported AI-related security breaches, and that 76% of organizations surveyed identified unsanctioned internal use of AI tools, commonly referred to as shadow AI, as a growing risk.

In response to the escalating pattern, major AI developers have expanded automated defenses intended to match the pace of AI-enabled attacks, including Anthropic’s expanded cybersecurity classifiers, OpenAI’s GPT-5.5-Cyber model and Google’s Big Sleep vulnerability scanning system. Intelligence officials from the Five Eyes security alliance, which includes Australia, have separately warned that the timeline for potentially severe AI-enabled cyberattacks is now measured in months rather than years.

Share This Article
Leave a Comment
Share via
Copy link