← All articles

AI agent runs an entire ransomware attack after breaking in through Langflow

Security firm Sysdig says it found what it believes is the first ransomware attack carried out from start to finish by an AI agent. The operator, which Sysdig calls JADEPUFFER, used a large language model to handle the whole job: breaking in, stealing credentials, moving through the network, then encrypting and wiping a company's production database. The way in was an old, already-patched flaw in Langflow, an open-source tool for building AI apps that is often left exposed online with cloud keys nearby. Once inside, the agent mapped the machine and swept it for secrets, including API keys for AI services and credentials for major cloud providers, before destroying data.

Check
Find any internet-exposed Langflow or similar AI application servers, confirm they are patched and off the internet, and check whether cloud or AI service credentials sit in environments those tools can read.
Affected
Organizations running exposed, unpatched Langflow servers, especially with cloud and AI service credentials nearby; attackers used the old flaw and an automated agent to steal secrets and ransom production databases.
Fix
Patch Langflow and never expose its code-running endpoints, keep secrets in a proper manager away from web-reachable tools, lock down outbound traffic and database admin access, and watch runtime behavior.