An AI agent just carried out a ransomware attack from initial access to encryption, with no human directing it.
Security firm Sysdig documented what it calls the first fully autonomous ransomware attack, carried out by a threat actor it named JADEPUFFER. The attacker used a large language model to drive every stage of the operation - reconnaissance, exploitation, lateral movement, and file encryption - without a person at the keyboard at any point. Sysdig researchers say this marks a meaningful shift from prior AI-assisted attacks, where humans still handled the hard parts.
Ransomware has always required skilled operators because the attack chain demands real-time decision-making. If an AI agent can now handle that chain end-to-end, the barrier to running sophisticated ransomware drops sharply - both in cost and in the technical skill required to launch an attack. That means smaller criminal groups, or even individuals, could run campaigns that previously needed a crew.
For years, security researchers warned that AI would eventually lower the floor on attack complexity. JADEPUFFER appears to be the data point that turns that warning into a present-tense problem.