‘No hacker needed’: New AI ransomware can automate database attacks from start to finish, warns cybersecurity firm

‘No hacker needed’: New AI ransomware can automate database attacks from start to finish, warns cybersecurity firm

‘No hacker needed’: New AI ransomware can automate database attacks from start to finish, warns cybersecurity firm

https://timesofindia.indiatimes.com/technology/tech-news/no-hacker-needed-new-ai-ransomware-can-automate-database-attacks-from-start-to-finish-warns-cybersecurity-firm/articleshow/132209561.cms

Publish Date: 2026-07-06 02:39:00

Source Domain: timesofindia.indiatimes.com

Author:

Using an unordered list, summarize the following article with between 4 and 8 key points. Disclaimer: It is an AI generated image Security researchers have identified JadePuffer, the first ransomware attack which is filly executed by an autonomous AI agent. According to a report by Sysdig, unlike traditional ransomeware campaigns that reply on human hackers, JadePuffer infiltrated servers, diagnosed failures, adapted its methods, and extorted victims and all this was done without any human intervention. The attack represents a watershed moment in cybersecurity, showing that AI can now independently run end-to-end extortion operations.How JadePuffer operatedAs per the report, the attack started by exploiting CVE-2025-3248. For those unaware, this is a critical vulnerability in Longflow which is an open-source AI workflow framework. Once inside, the JadePuffer started scanning for cloud credentials, API keys, crypto wallets, and database logins across providers like AWS, Azure, Google Cloud, Alibaba, and Tencent. When the login attempted made by the agent failed, it started diagnosing the problem and rewrote its own-code. Then, it managed to solve the problem and entered the system successfully. This kind of behaviour was earlier seen only in human-led hacking attacks. It then pivoted to a production MySQL server running Alibaba’s Nacos, exploited another vulnerability (CVE-2021-29441), and created rogue admin accounts.Finally, JadePuffer encrypted over 1,300 service configuration items, deleted the originals, and left a ransom note demanding Bitcoin. However, researchers found the encryption key was never saved, meaning victims cannot recover their data even if they pay.Why this attack is differentWhat makes JadePuffer unique is its autonomy and adaptability. The malware contained natural-language reasoning and annotations, explaining why each step was taken — a hallmark of large language model (LLM)-generated code. This shows that AI-driven attacks can now:* Operate at machine speed* Adapt dynamically to obstacles* Lower the cost of ransomware campaigns to near zeroImplications for cybersecurityThe incident highlights several risks:* Accessibility: Autonomous AI lowers the barrier for cybercriminals, enabling sophisticated attacks without skilled operators.* Irrecoverable Damage: Victims face permanent data loss, as JadePuffer’s ransom note offered no viable decryption key.* Future Threats: Experts warn this is a “warning sign” of where extortion tradecraft is heading — AI agents capable of reasoning, adapting, and executing complex attacks independently.