Back to advisories

Sysdig clocks first documented case of agentic ransomware

JadePuffer deployed the first documented end-to-end agentic ransomware attack in June 2026, using AI agents to autonomously conduct reconnaissance, steal credentials, move laterally, and encrypt systems. The attack exploited CVE-2025-3248 in Langflow and targeted MySQL and Alibaba Nacos instances. This represents a significant threat escalation: AI-orchestrated ransomware executes 600+ payloads with 31-second error correction cycles, dramatically lowering the skill floor for ransomware operations.

CRITICALAdvisoryJul 07, 2026
Action required
Immediately patch all Langflow instances to the latest version to close CVE-2025-3248. Hunt for exploitation attempts and suspicious lateral movement in MySQL and Nacos logs. Flag any anomalous LLM API calls (OpenAI, Anthropic, DeepSeek, Gemini tokens) in your environment.
Affected products
SysdigLangflowMySQLAlibaba Nacos