The Rise of Agent-Based Ransomware: A Closer Look at Autonomy
A closer examination of the first documented case of agent-based ransomware reveals the complexities of AI's role in cyberattacks and the necessity of human involvement.

Recent claims by researchers at the cloud security firm Sysdig have brought attention to what they describe as the first documented instance of "agent-based ransomware." This incident, known as "Jadepuffer," allegedly involved an AI agent executing a cyberattack entirely without human intervention. However, reports from Techcrunch suggest that this portrayal may not be entirely accurate.
The Evolving Threat Landscape
The Federal Office for Information Security (BSI) has raised alarms about increasing security risks associated with AI technologies. According to their assessments, the speed at which attackers can respond has dramatically improved due to advancements in AI. Whereas AI was previously utilized mainly for tasks like crafting convincing phishing emails, modern systems are capable of autonomously identifying, analyzing, and exploiting vulnerabilities.
Concerns have intensified around discussions related to AI models, such as Claude Mythos. Anthropic, the company behind this model, had previously warned about its capabilities, noting that in testing, it was able to identify vulnerabilities in every operating system and browser evaluated. Consequently, Anthropic opted for a controlled release of their "Project Glasswing." In June, the U.S. government instructed Anthropic to disable access to the model, citing security concerns, although some restrictions have since been lifted.
{{img:123}}
Human Involvement in Cyberattacks
Initially, Sysdig claimed that the AI agent breached a server without any human oversight, navigated through the victim's network, stole credentials, and crafted a ransom demand independently. However, Michael Clark, Sysdig's Senior Director of Threat Research, clarified in an interview with Cyberscoop that human involvement was indeed present during the attack.
"A human prepared and directed the operation, set up the infrastructure—including the Command-and-Control server and a staging server for the stolen data—and selected a target," Clark explained. The credentials used for the breach were not generated by the agent but were obtained from a previous attack.
Techcrunch noted that while the techniques employed were fairly standard, the speed and transparency of the operation were noteworthy. The agent managed to rectify a failed login attempt in just 31 seconds and documented its reasoning through natural language comments in the code.
Clark elaborated that multiple models were utilized during the attack, mentioning stolen keys from providers such as OpenAI, Anthropic, Deepseek, and Gemini. In a follow-up email to Techcrunch, he stated, "The agent searched the Langflow host for valuable items—API keys from providers, cloud access credentials, cryptocurrency wallets, and database configurations—and these provider keys were part of the haul. They indicate what the attacker deemed valuable but do not clarify which model made the decisions."
{{img:14640}}
The Future of Agent-Based Cyberattacks
This incident underscores the limitations of agent-based cyberattacks. As long as a human is responsible for selecting the target, provisioning the infrastructure, and acquiring credentials, there will always be a bottleneck. Nevertheless, given the low costs and rapid execution capabilities of AI agents, Clark believes that such incidents are likely to become more frequent in the future.
{{img:123}}



