This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties. Members and Law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.
Complete Story
07/16/2026
Cybersecurity Researchers Identify First Fully Autonomous AI-Driven Ransomware Attack
Campus Technology
Threat researchers at cloud security firm Sysdig have disclosed what they describe as the first documented ransomware operation carried out end-to-end by an autonomous AI agent, with no human typing commands or directing individual steps once the attack was underway. The firm named the threat actor JADEPUFFER and published its technical analysis between July 4 and July 6.
According to Sysdig, JADEPUFFER gained initial access through an internet-facing instance of Langflow, an open source framework that developers use to build AI applications and agent workflows. The entry point was CVE-2025-3248, a missing-authentication flaw that allows an unauthenticated attacker to run arbitrary Python code on the host. The vendor patched the flaw in Langflow 1.3.0, and the Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities list in May 2025, meaning the vulnerability itself was neither new nor secret at the time of the attack.
More InfoAlerts
The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.
more informationResources
Your electronic library to help in fighting financial fraud for all of our partners.
more information
