Sysdig’s Threat Research Team has documented what it assesses to be the first ransomware operation
driven end-to-end by a large language model.

The operator, which Sysdig calls #JADEPUFFER, broke into a server, harvested credentials, moved to a separate production target, encrypted a database, and destroyed data,

all without a human at the keyboard.

Ransomware has always needed a skilled person somewhere in the loop.

That may no longer be true.

securityaffairs.com/194713/ai/

Security AffairsJADEPUFFER: First End-to-End AI-Driven Ransomware OperationAn AI agent ran a full ransomware attack end-to-end, exploiting flaws, stealing creds, moving laterally, and encrypting data without humans.
Jul 5, 2026, 19:39 UTCen