"Turning Point": AI Was Spotted Coordinating a Ransomware Attack for the First Time

Cybersecurity researchers at Sysdig have discovered what they say is the first documented case of a large language model independently coordinating a ransomware campaign. On July 6, the Sysdig Threat Research team reported the discovery of an attack dubbed “Jade Puffer,” in which the AI model did not merely assist the attackers but autonomously carried out a sequence of actions characteristic of malware.
According to Michael Clark, Sysdig’s director of cyber threat research, Jade Puffer did not use any fundamentally new hacking techniques. However, the AI handled everything: it scanned the server for access keys to AI services, cloud credentials, and cryptocurrency wallets, and then generated a ransom note.
Researchers were able to link the attack to the use of AI based on distinctive characteristics. In particular, the malicious code contained numerous comments explaining the purpose of each action, which is considered a typical sign of AI-model-generated code. Another distinctive feature of Jade Puffer was its ability to correct its own errors. During the attack, the AI detected a flaw in its own code, fixed it, and resumed operation in less than 31 seconds.
Clark believes that the main danger lies not in the complexity of the attack itself, but in the lower skill requirements for attackers. The cost of deploying an AI agent is becoming the main constraint on such operations, and when using stolen credentials, the costs can be virtually zero, the expert notes in the Sysdig report.
Jeff McDonald, Head of Research at Microsoft Defender for Endpoint, offered a similar assessment of the AI model’s capabilities on his LinkedIn page. According to him, AI is capable of scaling ransomware attacks to thousands or even tens of thousands of simultaneous campaigns, since their scale is now limited more by the attackers’ budget than by the number of operators. “This is a turning point for cybersecurity, for which neither the industry nor the world is yet prepared (…) In the coming months, this will lead to serious negative consequences,” McDonald added.
Concerns about the use of AI in cyberattacks are growing amid the emergence of increasingly powerful language models, Business Insider notes. OpenAI and Anthropic were forced to restrict access to some of their most advanced models precisely because of concerns about their capabilities in the field of cybersecurity.
This article was AI-translated and verified by a human editor




