Post by CybelAngel

51,044 followers

The first ransomware operation run end to end by an AI, with no human at the keyboard, did not need a single novel technique to succeed. JADEPUFFER is an LLM agent that breached a server, harvested credentials, moved to a production database, encrypted 1,342 configuration items and destroyed the originals. When a login failed, it diagnosed the cause and corrected itself in 31 seconds. Every door it walked through was one most security programs already know about: 1. An internet-facing Langflow server left unpatched (CVE-2025-3248, on CISA's KEV list since May 2025). 2. Provider API keys and cloud credentials sitting in the server environment. 3. A Nacos service still using its default JWT signing key, public since 2020. 4. A database admin port reachable from the open internet. The skill floor for this kind of attack has dropped to the cost of running an agent. Right now the gap is visibility into the AI-adjacent and forgotten infrastructure most organizations never map. Our full breakdown, including the six things every security leader should take from this, is here: https://lnkd.in/eYGSjgq6

Post content