Named JadePuffer, the agent orchestrated the entire attack, from the initial reconnaissance to the ransom demand, including data encryption.

Cybersecurity company Sysdig announced on July 1, 2026, that it had identified a ransomware attack carried out end-to-end by an autonomous AI agent named JadePuffer. According to the company’s researchers, this is the first documented case of a fully automated cyberattack.

Specifically, the AI agent exploited a vulnerability in Langflow to infiltrate a server without requiring a password. It explored the system, collected sensitive data, searched for credentials, and continuously adapted its strategy whenever it encountered obstacles. It then established persistent access and compromised a production server. Finally, the agent exfiltrated data before deleting it, encrypted configuration files, and left a ransom note.

Sysdig’s researchers noted that JadePuffer demonstrated a level of adaptability and error correction comparable to that of a human attacker. They warned the cybersecurity community about the growing risks associated with this technological evolution.

Stay tuned in real time
Subscribe to
the newsletter
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
Stay tuned in real time
Subscribe to
the newsletter
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.