Researchers have claimed to detect what they believe is the first-ever documented ransomware attack launched and executed entirely by an autonomous artificial intelligence (AI) agent. According to a report in Bleeping Computer, cloud security firm Sysdig uncovered the hacking, dubbed JadePuffer. Unlike traditional cyberattacks that rely on pre-written malicious scripts or a human hacker sitting behind a keyboard, JadePuffer used a Large Language Model (LLM) agent to independently scout the target, steal security credentials, navigate the network and lock down data, the report said.Most alarming to researchers was how the AI handled obstacles. When its initial hacking attempts failed, the AI agent didn’t give up or crash, instead it actively analysed the error messages and rewrote its own code in real time to bypass security, behaving exactly like a highly skilled human operator.
AI agent overcame failures in 31 seconds
Citing Sysdig, the report notes that the AI’s ability to adapt on the fly allowed it to move through the target network at high speed.“The operation adapted in real time, retrying failed steps within refined parameters. In one sequence, it went from a failed login to a working fix in just 31 seconds,” Sysdig noted in its research report.In another instance, while trying to raid a storage system, the AI received an unexpected XML data response instead of the standard JSON format it anticipated. Rather than failing, the agent instantly adjusted its parsing logic to read the new format and kept going.
How AI agent hacked the system
The AI gained its initial foothold by exploiting a security flaw in Langflow, a popular app used to build AI systems. Once inside, it raided the database, gathered environment variables and stole cloud credentials.From there, it latched onto a core production server running Alibaba Nacos software. The AI agent immediately looked for ways to break out of its software container, successfully encrypted all 1,342 Nacos service configuration items using database commands, wiped the originals, and left behind a demand table named README_RANSOM.While the attack was highly effective, researchers caught onto the fact that a machine was pulling the strings due to several bizarre “AI habits” left behind in the code.For starters, the generated hacking code contained meticulous, polite, natural-language comments explaining the AI’s step-by-step logic – a feature common in LLM outputs but completely absent in human malware.Furthermore, the AI fell victim to a classic “hallucination.” While the ransom note demanded Bitcoin, the cryptocurrency payment address the AI typed out turned out to be a generic placeholder address widely used in public coding documentation. The LLM had simply copied a dummy address from its own training data, meaning the human hackers behind the agent likely couldn’t collect any money even if the victim paid.
Click Here For The Original Source.
