{"id":16429,"date":"2026-07-06T04:33:14","date_gmt":"2026-07-06T04:33:14","guid":{"rendered":"https:\/\/techtrendfeed.com\/?p=16429"},"modified":"2026-07-06T04:33:14","modified_gmt":"2026-07-06T04:33:14","slug":"ai-agent-pulls-off-a-ransomware-assault-with-out-human-assist","status":"publish","type":"post","link":"https:\/\/techtrendfeed.com\/?p=16429","title":{"rendered":"AI Agent Pulls Off a Ransomware Assault With out Human Assist"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"generic-article\">\n<p class=\"text-muted\">\n                                            <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.bankinfosecurity.com\/agentic-ai-c-940\" id=\"asset_topic_1_1\">Agentic AI<\/a><br \/>\n                                                    ,<br \/>\n                                                            <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.bankinfosecurity.com\/fraud-management-cybercrime-c-409\" id=\"asset_topic_1_2\">Fraud Administration &amp; Cybercrime<\/a><br \/>\n                                                    ,<br \/>\n                                                            <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.bankinfosecurity.com\/ransomware-c-399\" id=\"asset_topic_1_3\">Ransomware<\/a>\n                                                    <\/p>\n<p>                    <span class=\"article-sub-title\">Researchers Say the Assault Mixed AI Choice-Making With Identified Software program Flaws<\/span><br \/>\n                <span class=\"article-byline\"><br \/>\n                                                <a rel=\"nofollow\" target=\"_blank\" class=\"author-link\" href=\"https:\/\/www.bankinfosecurity.com\/authors\/pooja-tikekar-i-5947\">Pooja Tikekar<\/a> (<a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.twitter.com\/@PoojaTikekar\"><i class=\"fa fa-twitter\"\/>@PoojaTikekar<\/a>)                                                    \u2022<br \/>\n                        <span class=\"text-nowrap\">July 5, 2026<\/span> \u00a0 \u00a0 <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.bankinfosecurity.com\/ai-agent-pulls-off-ransomware-attack-without-human-help-a-32155#disqus_thread\"\/><\/span><\/p>\n<figure>\n                <img decoding=\"async\" src=\"https:\/\/ismg-cdn.nyc3.cdn.digitaloceanspaces.com\/articles\/ai-agent-pulls-off-ransomware-attack-without-human-help-image_large-6-a-32155.jpg\" alt=\"AI Agent Pulls Off a Ransomware Attack Without Human Help\" class=\"img-responsive \"\/><figcaption>Picture: Magnific<\/figcaption><\/figure>\n<p>An autonomous synthetic intelligence agent has carried out what researchers describe as the primary agentic ransomware assault, exploiting vulnerabilities, stealing credentials and encrypting a manufacturing database with out human intervention.<\/p>\n<p><b>See Additionally:<\/b> <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.bankinfosecurity.com\/know-thy-enemy-threats-to-cyber-resilience-a-31674?rf=RAM_SeeAlso\">Know Thy Enemy: Threats to Cyber Resilience<\/a><\/p>\n<p>Cloud safety agency Sysdig <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.sysdig.com\/blog\/jadepuffer-agentic-ransomware-for-automated-database-extortion\" target=\"_blank\">attributed<\/a> it to a menace actor it tracks as Jadepuffer. Researchers mentioned the incident reveals that enormous language fashions can autonomously execute a full ransomware life cycle, together with reconnaissance, credential theft, lateral motion, privilege escalation and knowledge encryption.<\/p>\n<p>The findings come because the cybersecurity businesses of the 5 Eyes alliance warn that advances in AI are accelerating the pace, scale and class of cyberthreats. &#8220;The timeline is just not years; it&#8217;s months,&#8221; the businesses <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.cisa.gov\/news-events\/news\/five-eyes-cyber-security-agencies-statement\" target=\"_blank\">mentioned<\/a> in a joint assertion in June (see: <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.bankinfosecurity.com\/five-eyes-warn-frontier-ai-cyberthreat-months-away-a-32054\"><i>5 Eyes Warn the Frontier AI Cyberthreat Is Months Away)<\/i><\/a>. <\/p>\n<p>The intrusion started with the exploitation of <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-3248\" target=\"_blank\">CVE-2025-3248<\/a>, a vital authentication bypass vulnerability in Langflow&#8217;s code validation endpoint. Langflow is an open-source framework used to construct AI functions and agent workflows. The flaw permits unauthenticated distant code execution on uncovered servers and was added to CISA&#8217;s Identified Exploited Vulnerabilities <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog?search_api_fulltext=&amp;field_date_added_wrapper=all&amp;field_cve=&amp;sort_by=field_date_added&amp;items_per_page=All&amp;url=\" target=\"_blank\">catalog<\/a> in Could.<\/p>\n<p>After gaining entry, Jadepuffer searched the compromised setting for cloud credentials, API keys, cryptocurrency wallets, configuration information and database secrets and techniques. It dumped Langflow&#8217;s PostgreSQL database to reap saved credentials, scanned inside networks and accessed an uncovered MinIO object storage service utilizing default credentials. Researchers mentioned the agent additionally established persistence by deploying a cron job that beaconed to attacker-controlled infrastructure each half-hour.<\/p>\n<p>Utilizing the harvested credentials, the AI agent moved to a separate, internet-exposed manufacturing server working MySQL and Alibaba&#8217;s Nacos configuration platform. It exploited <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-29441\" target=\"_blank\">CVE-2021-29441<\/a>, abused Nacos&#8217; default JWT signing key and injected a backdoor administrator account into the platform&#8217;s database earlier than launching the extortion section.<\/p>\n<p>The ransomware encrypted 1,342 Nacos configuration information utilizing MySQL&#8217;s built-in encryption capabilities, deleted the unique tables and changed them with a ransom word demanding cost in Bitcoin.<\/p>\n<p>Sysdig mentioned the AI agent tailored when an try to create an administrator account failed, diagnosing the error and producing a working various inside 31 seconds. Researchers additionally recognized tons of of payloads containing natural-language reasoning and self-generated annotations explaining the agent&#8217;s choices.<\/p>\n<p>The assault didn&#8217;t depend on zero-day vulnerabilities or novel strategies. As a substitute, it mixed recognized vulnerabilities, uncovered companies, default credentials and publicly documented weaknesses into an automatic intrusion chain.<\/p>\n<p>Sysdig mentioned it discovered no proof that the attackers retained a decryption key or backup of the encrypted knowledge, suggesting victims can be unable to get well their info even when they paid the ransom.<\/p>\n<\/p><\/div>\n<p><template id="wSauQMrmGSXSTfUXLXhF"></template><\/script><br \/>\n<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Agentic AI , Fraud Administration &amp; Cybercrime , Ransomware Researchers Say the Assault Mixed AI Choice-Making With Identified Software program Flaws Pooja Tikekar (@PoojaTikekar) \u2022 July 5, 2026 \u00a0 \u00a0 Picture: Magnific An autonomous synthetic intelligence agent has carried out what researchers describe as the primary agentic ransomware assault, exploiting vulnerabilities, stealing credentials and encrypting [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":16431,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[75,717,987,3019,500],"class_list":["post-16429","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-agent","tag-attack","tag-human","tag-pulls","tag-ransomware"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/16429","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=16429"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/16429\/revisions"}],"predecessor-version":[{"id":16430,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/16429\/revisions\/16430"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/16431"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=16429"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=16429"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=16429"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}<!-- This website is optimized by Airlift. Learn more: https://airlift.net. Template:. Learn more: https://airlift.net. Template: 69d9690a190636c2e0989534. Config Timestamp: 2026-04-10 21:18:02 UTC, Cached Timestamp: 2026-07-06 18:22:05 UTC -->