CVE Tools
Back to feed
BleepingComputer ·EN-US News source

JadePuffer ransomware used AI agent to automate entire attack

By Bill Toulas··3 min read
CVE Tools coverage

Researchers report a ransomware case, JadePuffer, in which an autonomous LLM agent handled reconnaissance through credential theft, lateral movement, persistence, privilege escalation, and finally encryption. Initial access was achieved by exploiting CVE-2025-3248 in Langflow, with later impact on Alibaba Nacos also involving CVE-2021-29441 for an authentication bypass that enables rogue admin creation. This matters because AI-driven “agentic” malware could reduce the expertise needed to run full intrusion chains while also changing detection requirements for defenders.