Sysdig's Threat Research Team published research in July 2026 documenting JADEPUFFER, the first ransomware operation fully executed by an LLM agent — no human operator required at any step after initial access.
Sysdig's Threat Research Team published research in July 2026 documenting JADEPUFFER, the first ransomware operation fully executed by an LLM agent — no human operator required at any step after initial access.
CISA added CVE-2026-55255 to the Known Exploited Vulnerabilities catalog on July 7, 2026, after confirming active exploitation of an insecure direct object reference in Langflow that let authenticated users execute workflows belonging to other tenants.
CVE-2026-21858 gives unauthenticated attackers full code execution on n8n workflow servers. Langflow's new IDOR vulnerability has been added to CISA KEV. GitHub Copilot's MCP integration carries a prompt-injection-to-RCE chain. AI automation infrastructure is becoming a primary attack surface.
Sysdig's Threat Research Team documented the first fully agentic ransomware operation: an LLM-driven attacker that exploited Langflow, pivoted to a production Nacos instance, and encrypted 1,342 database configurations without human direction at any step.
Sysdig has documented JADEPUFFER, a threat actor that used an LLM agent to drive an entire ransomware operation autonomously — from Langflow exploitation through database encryption. The attack encrypted 1,342 production configuration items using an ephemeral key that makes recovery impossible.
CVE-2026-33017, a CVSS 9.8 unauthenticated RCE in Langflow, has been added to the CISA KEV catalog after active exploitation deploying a self-spreading Monero cryptominer across exposed AI workflow environments.
A path traversal vulnerability in Langflow's file API allows unauthenticated attackers to overwrite arbitrary files and chain to RCE. Active exploitation confirmed in June 2026. Fix is in version 1.9.0.