Researchers at Sysdig, a cybersecurity firm, say they found a warning sign of where agentic AI is headed.

The Sysdig Threat Research Team believes it has found the first documented evidence of agentic ransomware, where a large language model orchestrated a complex attack. The team called the attack “Jade Puffer.”

“JadePuffer is a warning sign,” Michael Clark, Sysdig’s director of threat research, wrote in a report. “It’s a marker of where extortion tradecraft is heading.”

Clark wrote that Jade Puffer didn’t use “novel or sophisticated techniques,” but what was notable was how the AI model organized and executed the attack, illustrating that the barrier to entry for future ransomware attacks is now significantly lower.

“The skill floor for running ransomware has dropped to whatever it costs to run an agent, and if that agent is running on stolen credentials through LLMjacking, the cost to an attacker is close to zero,” he wrote.

The attack itself was targeted, as one would expect for a ransomware attack. Clark wrote that the LLM swept the server for logins to AI APIs, cloud credentials, cryptocurrency wallets, and database credentials.

The AI even generated the ransom note, Clark wrote, by “creating an extortion table (README_RANSOM) containing the demand, a Bitcoin payment address, and a Proton Mail contact.”

Sysdig said it was able to attribute elements of the attack to an AI model based on specific behaviors, including traces of code left by the attack on the targeted server that show telltale signs of AI generation.

“The decoded payloads are saturated with natural-language commentary explaining why each action is taken,” Clark wrote.

Geoff McDonald, a data scientist and cybersecurity researcher at Microsoft, said AI could unleash a wave of similar attacks.

“Ransomware (and destructive) attacks can now scale bounded primarily by attacker budget – instead of being bounded by their human ability to operate campaigns themselves,” McDonald, principal research manager on Microsoft’s Defender for Endpoint team, wrote on LinkedIn. “There is now little stopping threat actors from operating thousands or tens of thousands of simultaneous campaigns.”

One cybersecurity engineer said one of the most striking aspects of Jade Puffer was how the AI model adapted its operation in real time, including fixing an error in just over half a minute.

“It read the error, fixed its own code and carried on. Took 31 seconds,” Oluwatobi Mustapha, a cybersecurity engineer, wrote on X. “I’ve spent longer than that staring at a typo.”

AI was already sparking a cybersecurity moment before Sysdig uncovered evidence of Jade Puffer.

Anthropic and OpenAI have both recently released advanced AI models that they have limited access to based on the models’ advanced cybersecurity capabilities. The Trump administration went so far as to impose export controls on Anthropic due to concerns about the firm’s Claude Mythos 5 and Fable 5 models.

McDonald said the world is not ready for what’s coming.

“This is a transformative moment in cybersecurity that in my opinion the industry and world is not ready for, and I believe will have great negative outcomes as it accelerates over these next few months,” he wrote.



Read the full article here

Share.
Leave A Reply