The Independent Security channel is brought to you by Bitdefender
Security researchers have uncovered what they believe to be the first ever instance of an artificial intelligence agent executing a cyber attack from start to finish without human assistance.
The AI-powered attack marks a major milestone for both artificial intelligence and cyber security, raising concerns that AI is lowering the barrier for cyber criminals.
The fully automated campaign involved an AI carrying out a ransomware attack, where victims are forced to pay a ransom in order to regain access to their data.
A team from cloud security firm Sysdig said the AI attacker, which they named Jadepuffer, broke into a vulnerable server, discovered passwords and login credentials, and then encrypted a production database before demanding a bitcoin ransom.
“Ransomware has had a human at the keyboard, or at least a human writing its script, since it was first established as a category of threat,” Michael Clark, director of threat research at Sysdig, wrote in a blog post.
“The Sysdig Threat Research Team (TRT) has captured what we assess to be the first documented case of agentic ransomware: a complete extortion operation driven end-to-end by a large language model (LLM).”
Immediately after gaining access to Langflow, an open source tool for building AI applications, the LLM began looking for credentials “with explicit coverage of Chinese providers” like Alibaba, Tencent and Huawei.
The autonomous operation was also able to adapt its tactics in real-time, operating at a speed that outpaces even the most skilled human operators.
“The most striking characteristic, however, was the LLM’s behaviour,” Mr Clark said.

The ideal summer spot? Away from scams.
Get All-in-One Protection for Your Digital Life
ADVERTISEMENT

The ideal summer spot? Away from scams.
Get All-in-One Protection for Your Digital Life
ADVERTISEMENT
“The operation adapted in real time, retrying failed steps within refined parameters. In one sequence, it went from a failed login to a working fix in 31 seconds.”
Sysdig researchers noted that even if the victim paid the ransom, they would not be able to recover the compromised data because the AI agent had already deleted it without backing any of it up.
The findings are yet to be independently verified, however they highlight a growing risk that AI systems pose as they become ever more capable of carrying out complex cyber attacks without human oversight.
In a rare joint warning last month, the Five Eyes security alliance said that AI is “months away” from wreaking havoc on businesses and governments.
“Frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities,” the warning stated. “A whole-of-organisation and whole-of-society response is required.”
