Sysdig's Threat Research Team published research in July 2026 documenting JADEPUFFER, the first ransomware operation fully executed by an LLM agent — no human operator required at any step after initial access.
Sysdig's Threat Research Team published research in July 2026 documenting JADEPUFFER, the first ransomware operation fully executed by an LLM agent — no human operator required at any step after initial access.
Sysdig researchers have documented a threat actor weaponising misconfigured Ollama model servers as the reasoning engine for an autonomous multi-stage penetration testing framework called VAPT, marking a significant shift in how stolen AI compute is being used.
Nine vulnerabilities including a hardcoded authentication bypass and critical MCP command injection were disclosed in PraisonAI, with scanners targeting the auth bypass endpoint less than four hours after the advisory went public.
Sysdig's Threat Research Team documented the first fully agentic ransomware operation: an LLM-driven attacker that exploited Langflow, pivoted to a production Nacos instance, and encrypted 1,342 database configurations without human direction at any step.