News
CAPACITY TEST:

Sysdig Says AI Ransomware Still Needed Human Setup

Newsroom brief

Sysdig described JadePuffer as agentic ransomware, but Michael Clark said a human still chose the victim, provisioned infrastructure and supplied database credentials before the AI agent executed the attack.

Verified against source materialEdited by SendTech Times Cybersecurity Desk
Sysdig Says AI Ransomware Still Needed Human Setup
Image source: TechCrunch

Sysdig Says JadePuffer Used An AI Agent But Still Needed Human Setup

Sysdig researchers described JadePuffer as agentic ransomware, but the operation still depended on a human operator to choose the victim, provide infrastructure and hand over database credentials before the AI agent carried out the intrusion.

Michael Clark, Sysdig's senior director of threat research, said in a Monday interview that a person set up the command-and-control server, staging server and target selection.

He said the credentials used to enter the victim's database came from a prior compromise rather than from the agent itself.

That distinction narrows the claim around the AI-run ransomware attack without removing the security risk.

Sysdig's account says the agent handled the technical execution after setup: it entered through a known Langflow bug, moved to a production MySQL server, exploited another known flaw for admin access and encrypted more than 1,300 configuration records.

Langflow And MySQL Flaws Were Used Before File Encryption

Sysdig said JadePuffer began with a vulnerable Langflow host.

Langflow is an open-source tool for building LLM applications, and Sysdig said the agent used a known bug there before moving deeper into the environment.

The agent then reached a production MySQL server and used a separate known flaw to obtain admin access.

Sysdig said it encrypted more than 1,300 configuration records, wrote its own ransom note and left a Bitcoin address for payment.

The disclosed techniques were not described as novel exploits.

Sysdig's account points instead to the agent's speed and autonomous execution once the operation had been prepared by a person.

Sysdig said the agent repaired a failed login in 31 seconds while narrating its reasoning in natural-language code comments.

Stolen API Keys Did Not Identify The Model Behind JadePuffer

Clark also clarified a separate point about the models involved.

He had said Sysdig found harvested keys for OpenAI, Anthropic, DeepSeek and Gemini, but later said those keys were loot from the compromised host rather than proof that several models ran the attack.

Clark said by email that the agent searched the Langflow host for provider API keys, cloud credentials, cryptocurrency wallets and database configurations.

He said the keys showed what the attacker considered worth stealing, but did not show which model made the operational decisions.

Sysdig has not identified the specific model that drove JadePuffer.

Clark said the company also lacks visibility into the system prompt or configuration used for the agent.

That leaves the central tooling question unresolved even though the intrusion path and the human setup role are clearer.

Open-Weight Model Theory Remains Unconfirmed

Microsoft researcher Geoff McDonald suggested on LinkedIn that an open-weight model with safety training stripped out may have powered the operation.

His view was based on red-teaming experience that frontier labs' safety layers hold up well, but Sysdig's account did not confirm or rule out that theory.

McDonald also warned that ransomware campaigns could become bounded more by attacker budget than by human labour, with thousands or tens of thousands of simultaneous campaigns becoming possible.

Clark's description adds a constraint to that scenario because the operation still required a person to pick a victim, prepare infrastructure and supply credentials.

Clark told CyberScoop that Sysdig had not seen the same operation hit other victims yet.

He said low agent-running costs could change that, but the company did not identify the victim, name the model, publish the system prompt, disclose the prior credential compromise, or confirm other JadePuffer infections.

Share this article
inXf

Related articles

More
AI Coding Push Turns Developers Into a Prime Cybersecurity Target
Cybersecurity

AI Coding Push Turns Developers Into a Prime Cybersecurity Target

A Japanese @IT analysis says attackers are increasingly targeting developers because AI coding tools, OSS, CI/CD pipelines and cloud services concentrate valuable credentials around them. The report highlights vulnerable AI-generated code, fake recruiting approaches, polluted open-source packages and GitHub Actions-style automation attacks. The practical warning is that companies need stronger identity, dependency and workflow controls rather than relying only on individual developer caution.

Socket Tracks 108 Malicious Packages In PolinRider Supply-Chain Attack
Cybersecurity

Socket Tracks 108 Malicious Packages In PolinRider Supply-Chain Attack

Socket reported 162 malicious release artefacts across 108 packages in the PolinRider supply-chain campaign. The report names Go, Packagist and Chrome extension exposure but does not identify victim companies.

Palo Alto Sell-Off Shows AI Cybersecurity Demand Still Has a Timing Problem
Cybersecurity

Palo Alto Sell-Off Shows AI Cybersecurity Demand Still Has a Timing Problem

Palo Alto Networks shares fell more than 4% after stronger quarterly results and current-quarter guidance failed to satisfy investors looking for faster AI-linked earnings upside. CEO Nikesh Arora reiterated a fiscal 2030 target of more than 4,000 platformizations and a USD 20 billion NGS ARR goal. The practical question is whether AI-related security demand turns into NGS ARR progress as data center infrastructure is ordered, installed and brought online.

Unit 42 Finds 13,229 Malicious URLs In AI Phantom-Domain Study
Cybersecurity

Unit 42 Finds 13,229 Malicious URLs In AI Phantom-Domain Study

Unit 42 said its phantom-squatting research generated 685,339 prompts across 913 brands and produced 2.1 million unique URLs, including 13,229 malicious URLs and about 250,000 unique phantom domains. The vendor research did not disclose the brand list, affected customer names or named domains tied to data loss.

IPA Translation Turns CISA Security Goals Into A Japan Infrastructure Baseline
Cybersecurity

IPA Translation Turns CISA Security Goals Into A Japan Infrastructure Baseline

Japan’s Information-technology Promotion Agency published a Japanese translation of CISA’s Cross-Sector Cybersecurity Performance Goals Version 2.0 for domestic critical infrastructure operators. The guidance covers IT and operational technology, maps goals to NIST CSF 2.0, and frames the controls as minimum practices rather than a full cybersecurity program. The practical question is whether asset owners use the worksheet to rank gaps by cost, complexity and impact, then review progress after 12 months.

CISA Android and Linux Warnings Put Patch Timing Back on the Security Agenda
Cybersecurity

CISA Android and Linux Warnings Put Patch Timing Back on the Security Agenda

CISA added exploited Android and Linux vulnerabilities to its Known Exploited Vulnerabilities catalog. The Android flaw affects Android 14 through 16, while the Linux issue centers on older kernel branches and cgroups v1 container environments. The immediate test is whether agencies and infrastructure operators apply vendor updates or mitigations by CISA's June 5 deadline.

Keep Reading

More Stories

Latest
Saudi GASTAT Opens Digital Economy Survey Before Adoption ResultsCapital & PolicyJul 7, 2026Saudi GASTAT Opens Digital Economy Survey Before Adoption ResultsSaudi Arabia’s statistics authority has launched a digital economy survey across establishments, but it has not yet published adoption rates, sample size or a release timetable.Anthropic Signs $19 Billion TeraWulf Lease Without Naming Hawesville ChipsCloud & Data CentersJul 7, 2026Anthropic Signs $19 Billion TeraWulf Lease Without Naming Hawesville ChipsAnthropic agreed to a $19 billion, 20-year TeraWulf data-centre lease for a 401MW Kentucky campus. TeraWulf disclosed the site, cooling design and investment range, but did not identify the chips or first capacity tranche.Visa Data Shows USDC Leading Stablecoin Volume At 70%Fintech & Digital PaymentsJul 7, 2026Visa Data Shows USDC Leading Stablecoin Volume At 70%CoinDesk reported that Visa data showed USDC with about 70% of adjusted stablecoin transaction volume in the first half of 2026, while June volume reached $1.79 trillion and bank-level usage remained undisclosed.Tomato Novel Caps AI Writing After 104,000 June RejectionsAIJul 7, 2026Tomato Novel Caps AI Writing After 104,000 June RejectionsRest of World reported that Chinese web-novel platforms are adding limits after Tomato Novel said it rejected more than 104,000 low-quality submissions in June and Jinjiang restricted AI to research and proofreading.Siada Opens RAK Sovereign AI Data Centre Without Naming GPU CountCloud & Data CentersJul 7, 2026Siada Opens RAK Sovereign AI Data Centre Without Naming GPU CountIOPn and Innovation City said Siada has opened access to a Ras Al Khaimah sovereign AI data centre powered by NVIDIA B200 GPUs, but they did not disclose GPU count, power capacity, pricing or named customers.MSI BIOS Adds 8,200 MT/s Validation For CXMT DDR5 On AMD BoardsChips & SemiconductorsJul 7, 2026MSI BIOS Adds 8,200 MT/s Validation For CXMT DDR5 On AMD BoardsTom's Hardware reported that MSI beta BIOS updates validate CXMT DDR5 at up to 8,200 MT/s on dual-DIMM AMD AM5 boards and 7,200 MT/s on quad-DIMM models. MSI did not disclose final BIOS release dates, full board coverage or independent stability results.Homebuilt GPU Uses 8,192 RISC-V MCUs Before 32,000-Chip VersionChips & SemiconductorsJul 7, 2026Homebuilt GPU Uses 8,192 RISC-V MCUs Before 32,000-Chip VersionBitluni built a working homebrew GPU cluster around 8,192 CH570 RISC-V microcontrollers, with a 32,000-MCU version planned. The project still lacks published performance results and design files.Klarna Bank USA Filing Seeks Direct Control Of Deposits And PaymentsFintech & Digital PaymentsJul 7, 2026Klarna Bank USA Filing Seeks Direct Control Of Deposits And PaymentsKlarna has filed with Utah regulators and the FDIC to establish Klarna Bank USA, an industrial bank that would bring deposits, funding, payments, lending and merchant services closer to the fintech while adding bank-level supervision.SK Telecom Targets 15GW AI Data Centre Buildout Without Full TimelineCloud & Data CentersJul 7, 2026SK Telecom Targets 15GW AI Data Centre Buildout Without Full TimelineSK Telecom said its South Korea AI data centre plan could reach 15GW, while the government cited an initial 8.4GW programme. SKT did not give a full cost or delivery timetable for the remaining 10GW.China AI Companion Rules Push Doubao And Qwen To Disable Humanlike AgentsCapital & PolicyJul 7, 2026China AI Companion Rules Push Doubao And Qwen To Disable Humanlike AgentsAI News reported that China's AI companion rules take effect on July 15, after ByteDance and Alibaba switched off humanlike agent features in Doubao and Qwen. The measures set duties for minors, distress detection and security assessments, but the technical threshold for emotional interaction remains unclear.Dubai Smart Gates Process 9.4 Million Travellers In Six MonthsEconomyJul 7, 2026Dubai Smart Gates Process 9.4 Million Travellers In Six MonthsGDRFA Dubai said more than 9.4 million travellers used Dubai smart gates and Red Carpet digital travel services in the first half of 2026, with Red Carpet clearance averaging 3.4 seconds. The authority did not disclose project cost, vendors, error rates or a wider rollout timetable.Even Realities Raises $150 Million For Display-First Smart GlassesAIJul 6, 2026Even Realities Raises $150 Million For Display-First Smart GlassesTechCrunch reported that Even Realities raised $150 million at a $1 billion valuation, led by Meituan and Tencent, as the Shenzhen startup pushes camera-free smart glasses built around a heads-up display. The company has not disclosed regional shipment splits, gross margins or a China launch date.