Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Trade Deadline Outlook: Philadelphia Phillies

    July 7, 2026

    De Ketelaere double gives Belgium deserved half-time lead against USA after Balogun saga

    July 7, 2026

    ‘DWTS’ Cheryl Burke Has Response For Body-Shaming Critics

    July 7, 2026
    Facebook X (Twitter) Instagram
    Select Language
    Facebook X (Twitter) Instagram
    NEWS ON CLICK
    Subscribe
    Tuesday, July 7
    • Home
      • United States
      • Canada
      • Spain
      • Mexico
    • Top Countries
      • Canada
      • Mexico
      • Spain
      • United States
    • Politics
    • Business
    • Entertainment
    • Fashion
    • Health
    • Science
    • Sports
    • Travel
    NEWS ON CLICK
    Home»Science & Technology»US Science & Tech»The ‘first’ AI-run ransomware attack still needed a human
    US Science & Tech

    The ‘first’ AI-run ransomware attack still needed a human

    News DeskBy News DeskJuly 6, 2026No Comments4 Mins Read
    Share Facebook Twitter Pinterest Copy Link LinkedIn Tumblr Email VKontakte Telegram
    The 'first' AI-run ransomware attack still needed a human
    Share
    Facebook Twitter Pinterest Email Copy Link

    Last week, researchers at cloud security firm Sysdig said they’d documented the first known case of “agentic ransomware.” It was an extortion operation, dubbed JadePuffer, in which an AI agent — not a human — handled the technical execution of a real-world cyberattack from start to finish. The agent broke into a vulnerable server, stole credentials, moved through the target’s network, encrypted files, and even wrote its own ransom note, adapting to obstacles along the way like a human hacker would. Coverage of the funding described it as run “without any human oversight,” with “no human at the keyboard.”

    That’s not quite the full picture. In an interview on Monday with CyberScoop, Sysdig’s Michael Clark, the company’s senior director of threat research, clarified that a human was still very much involved — just not in the technical execution. “A human still set up and pointed the operation and provisioned the infrastructure behind it, the command-and-control server, the staging server used for the stolen data and chose a victim,” Clark said. The credentials used to break into the victim’s database, he added, weren’t harvested by the AI agent itself; someone obtained them separately, through a prior compromise, and handed them to the operation.

    None of this contradicts Sysdig’s original claim, and the technical details of the attack remain notable on their own — wild, even. The agent got in through a known bug in Langflow, a popular open-source tool for building LLM apps, then moved on to a production MySQL server and exploited another known flaw to gain admin access. It encrypted over 1,300 configuration records and not only left behind a ransom note that it wrote itself but it left a Bitcoin address where the ransom could be sent. Sysdig hasn’t disclosed who was targeted.

    The techniques were fairly ordinary apparently, what stood out was the speed and transparency involved. The agent fixed a failed login in 31 seconds, narrating its own reasoning in natural-language code comments the whole way.

    One detail that initially seemed to muddy the picture has since been clarified. Clark had told CyberScoop that Sysdig found “multiple models were used in the attack,” citing harvested keys for OpenAI, Anthropic, DeepSeek, and Gemini — language that left open the question of whether several models actively powered different stages of the intrusion. Asked to clarify, Clark told TechCrunch that those keys were simply part of what the agent stole, not evidence of what was driving it.

    “The agent swept the Langflow host for anything valuable — provider API keys, cloud credentials, cryptocurrency wallets, and database configs — and those provider keys were part of the loot,” he said via email. “They are indicative of what the attacker considered worth taking, but they do not tell us which model was making the decisions.”

    On the model actually running JadePuffer, Clark said Sysdig “was not able to identify the specific model driving the agent” and has no visibility into its system prompt or configuration.

    Microsoft researcher Geoff McDonald’s theory, offered on LinkedIn several days ago, is worth revisiting in that light. McDonald suspected an open-weight model with safety training stripped out, rather than a frontier model, was behind the attack, based on his own red-teaming experience showing frontier labs’ safety layers hold up well. Sysdig’s own account doesn’t confirm or rule that out.

    McDonald’s post also warned that ransomware campaigns are now bounded primarily by attacker budget rather than human effort, raising the possibility of “thousands or tens of thousands of simultaneous campaigns.” That concern is a little harder to square with what Clark described Monday. (If a human still has to choose each victim, provision infrastructure, and obtain database credentials for every operation, that’s a bit of a bottleneck, at least.)

    Either way, Clark told CyberScoop, while Sysdig hasn’t seen the same operation hit other victims yet, given how cheap it is to run an agent, he expects that to change.

    When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.

    sysdig
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Telegram Copy Link
    News Desk
    • Website

    News Desk is the dedicated editorial force behind News On Click. Comprised of experienced journalists, writers, and editors, our team is united by a shared passion for delivering high-quality, credible news to a global audience.

    Related Posts

    US Science & Tech

    Google Will Now Count All Android Backup Data Toward Your Storage Cap

    July 6, 2026
    US Science & Tech

    Vercel CEO Guillermo Rauch on the fight to split off models from agents

    July 6, 2026
    US Science & Tech

    Google Now Uses Your Uploaded Search Media To Train AI

    July 6, 2026
    US Science & Tech

    You can now customize Siri’s pace and expressivity in the latest iOS 27 beta

    July 6, 2026
    US Science & Tech

    The running list: major tech layoffs in 2026 where employers cited AI

    July 6, 2026
    US Science & Tech

    Why Are People Ditching Wireless Earbuds, And Are Wired Headphones Really Making A Comeback?

    July 6, 2026
    Add A Comment
    Leave A Reply Cancel Reply

    Don't Miss

    Trade Deadline Outlook: Philadelphia Phillies

    News DeskJuly 7, 20260

    One month into their 2026 season, the Phillies had the worst record in MLB. They…

    De Ketelaere double gives Belgium deserved half-time lead against USA after Balogun saga

    July 7, 2026

    ‘DWTS’ Cheryl Burke Has Response For Body-Shaming Critics

    July 7, 2026

    Business leader says he hopes Greater Victoria gets fair share of submarine money

    July 7, 2026
    Tech news by Newsonclick.com
    Top Posts

    Trade Deadline Outlook: Philadelphia Phillies

    July 7, 2026

    Golden Tempo takes 158th Belmont Stakes, winning first, third legs of Triple Crown

    June 7, 2026

    Senators legend Daniel Alfredsson attends Ottawa Redblacks’ season opener

    June 7, 2026

    ‘Mama June’ Shyann McCant Slams Claims Used Jessica For Cash

    June 7, 2026
    Stay In Touch
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo

    Subscribe to Updates

    Get the latest creative news from SmartMag about art & design.

    Editors Picks

    Trade Deadline Outlook: Philadelphia Phillies

    July 7, 2026

    De Ketelaere double gives Belgium deserved half-time lead against USA after Balogun saga

    July 7, 2026

    ‘DWTS’ Cheryl Burke Has Response For Body-Shaming Critics

    July 7, 2026

    Business leader says he hopes Greater Victoria gets fair share of submarine money

    July 7, 2026
    About Us

    NewsOnClick.com is your reliable source for timely and accurate news. We are committed to delivering unbiased reporting across politics, sports, entertainment, technology, and more. Our mission is to keep you informed with credible, fact-checked content you can trust.

    We're social. Connect with us:

    Facebook X (Twitter) Instagram Pinterest YouTube
    Latest Posts

    Trade Deadline Outlook: Philadelphia Phillies

    July 7, 2026

    De Ketelaere double gives Belgium deserved half-time lead against USA after Balogun saga

    July 7, 2026

    ‘DWTS’ Cheryl Burke Has Response For Body-Shaming Critics

    July 7, 2026

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • About Us
    • Editorial Policy
    • Privacy Policy
    • Terms and Conditions
    • Disclaimer
    • Advertise
    • Contact Us
    © 2026 Newsonclick.com || Designed & Powered by ❤️ Trustmomentum.com.

    Type above and press Enter to search. Press Esc to cancel.