CoinDesk reports:
Cybersecurity company Sysdig said its research team discovered a ransomware attack orchestrated and executed by a large language model. The team named the attack “Jade Puffer” and described it as the first documented evidence of an AI-agent-based ransomware attack.
The focus of the attack is not on new technology.
Sysdig researchers stated that this attack did not employ any particularly novel or complex intrusion techniques; the real cause for concern is that AI models took on roles in orchestrating processes, executing steps, and adjusting operations. This means the technical barrier to launching ransomware attacks is lowering.
Researchers say the attack program searches target servers for various types of sensitive information, including AI API login credentials, cloud service credentials, cryptocurrency wallets, and database accounts. The system then automatically generates a ransom note containing the demanded amount, a Bitcoin payment address, and a Proton Mail contact.
You can correct it yourself based on the error message.
Sysdig stated that the presence of an AI model in the attack was determined by the presence of multiple code traces and behavioral patterns on the targeted servers exhibiting characteristics generated by AI. Researchers also noted that the model was able to instantly correct its code based on errors and continue the attack.
A cybersecurity engineer on the social platform X noted that one of the most striking aspects of this incident was the model’s ability to read the error message, modify its own code, and resume operation within approximately 31 seconds, demonstrating strong real-time adaptability.
Microsoft researchers warn of scaling risks
Geoff McDonald, a data scientist and cybersecurity researcher at Microsoft, stated that similar attacks could expand significantly in the future. According to his assessment, the scale of ransomware and destructive attacks will henceforth be primarily limited by attackers’ budgets, rather than by human operational capacity.
He believes this means threat actors could launch thousands, even tens of thousands, of attacks simultaneously, and the cybersecurity industry and external defense systems are not yet prepared for this shift.
AI security restrictions have been tightened.
Prior to this incident, the cybersecurity capabilities of AI models had already drawn industry attention. Recently, both Anthropic and OpenAI have implemented stricter access controls on certain advanced models due to improvements in their cybersecurity-related abilities.
The report also noted that the Trump administration previously imposed export controls on Anthropic due to security concerns, affecting the Claude Mythos 5 and Fable 5 models. As AI’s capability for automating attacks grows, related security and regulatory discussions are likely to intensify.
Click Here For The Original Source.
