The first fully autonomous AI ransomware attack turns out to have had a human involved after all, does that change how worried you should be?

Started by MickFoley, Yesterday at 11:24 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Topic: The first fully autonomous AI ransomware attack turns out to have had a human involved after all, does that change how worried you should be?   Views(Read 57 times)
Active members in this topic:
MickFoley(1)

MickFoley

Security firm Sysdig made headlines documenting JadePuffer, described as the first ransomware operation handled end to end by an AI agent rather than a human, breaking into a server, stealing credentials, moving through the network, encrypting files and writing its own ransom note. Follow up reporting this week added an important correction, a human was still very much involved, just not in the technical execution

Sysdig's Michael Clark clarified that a person set up the operation, provisioned the infrastructure, chose the victim, and separately obtained the stolen credentials the agent then used, they were handed to the operation rather than harvested by the AI itself. None of that contradicts the technical details, which remain genuinely striking, the agent exploited a known Langflow vulnerability then a MySQL flaw, adapted in real time, and once went from a failed login to a working fix in 31 seconds

The bigger unresolved question is which model actually drove the attack. Sysdig said multiple provider API keys, OpenAI, Anthropic, DeepSeek and Gemini, were found on the compromised system, but clarified those were simply stolen loot, not evidence of what powered the agent's decisions, and the company could not identify the specific model or see its system prompt

A researcher's competing theory is that an open weight model with safety training deliberately stripped out is more likely than a frontier model, since red teaming generally shows frontier labs' safety layers holding up reasonably well against this kind of misuse

So the debate. Does the human still being involved in setup and target selection meaningfully lower how alarmed you should be about this story, or was the technical execution always the scary part regardless of who picked the target, and does not knowing which model ran it change how you think about which companies bear responsibility here?

Cashback on everything or it didn't happen

Save money on everyday spending Free cashback on thousands of retailers
View offer