A ransomware attack this summer ran with an AI agent handling most of the work. Security leaders are treating it as a signal worth studying closely.
The Attack That Ran Itself
In late June, researchers at the cybersecurity firm Sysdig documented a ransomware operation, tracked under the name JadePuffer, in which an AI agent carried out most of the attack chain with limited human direction. The agent broke in through a vulnerability, harvested credentials, moved between systems, and encrypted a company's production database. A human set the objective. The agent executed most of the plan from there.
Sysdig's researchers were careful to note the agent didn't handle every step cleanly. It stumbled at points and needed occasional human correction to keep the operation moving. That detail matters. This looked like an early preview of a fully self-driving attack, and that gap is exactly where defenders still have leverage.
Even with that caveat, researchers are calling JadePuffer one of the first documented cases of a ransomware attack in which an AI agent ran most of the operation, with a human supplying only the initial objective. It marks a shift worth naming clearly. For the past two years, generative AI mostly helped attackers write more convincing phishing emails and clone a voice in seconds. JadePuffer points to something further along: an agent that can plan, adapt, and execute across multiple stages of an attack with far less hand holding.
Brian Long, CEO and co-founder of Adaptive Security, has tracked this progression since he started the company two years ago. "Attackers don't need to be smarter anymore. They just need AI," Long has said.
The JadePuffer case fits a wider pattern researchers have tracked this year. Separate reporting from Noma Security describes AI coding agents that can be manipulated into leaking private company repositories through an ordinary-looking GitHub issue, with no stolen credentials required to pull it off. Researchers at the Hong Kong University of Science and Technology built malware specifically designed to slip past the scanners meant to catch bad AI agent add-ons, and it evaded detection in more than 90% of their tests. Each finding stands on its own. Together, they trace a pattern: attackers are learning to operate through agents, and the security industry is racing to secure that layer.
What Changed, And What Held SteadySpeed and scale are the parts of this shift that deserve the most attention from security leaders, more than the novelty of an AI agent itself. A skilled human attacker might spend days quietly probing a network before making a move. An agent can compress that timeline into hours and run a comparable playbook against several targets in parallel. That has genuine implications for how security teams staff a SOC, set detection thresholds, and budget for response time. Mean time to detect and mean time to respond, the two numbers most CISOs already track closely, both get less forgiving when the attacker on the other end doesn't sleep, doesn't hesitate, and doesn't need a break.
That reading lines up with outside analysis. A 2026 assessment from CSIS's Strategic Technologies Program found that most AI-enabled attacks still rely on established tactics, with generative AI mainly speeding up reconnaissance and phishing delivery using techniques already in use, and it pointed to faster patching and stronger identity controls as the more urgent priorities for defenders. McKinsey's 2026 AI Trust Maturity Survey found that nearly two-thirds of organizations now cite security and risk concerns as the top barrier to scaling agentic AI, well ahead of regulatory uncertainty or technical limitations, a sign this concern has moved well past a handful of vendors and researchers.
None of that changes how these attacks typically begin. Initial access still comes from somewhere: an unpatched vulnerability, a compromised credential, an exposed remote access point, or a well-crafted social engineering attempt. In JadePuffer's case, the agent's foothold traced back to a remote code execution flaw in Langflow, an AI development platform, according to Sysdig's report. Everything downstream, the credential theft, the lateral movement, the encryption, happened after that initial break-in, and it happened quickly.
The Defender's Advantage
That framing offers something useful for defenders. "We're in an arms race. AI is the weapon. Who's wielding it matters," Long said. The same category of tool now available to attackers is available to security teams, and organizations already using AI on the defensive side, in email filtering, phishing simulation, and detection triage, are better positioned to match the pace of what's coming.
Long has made a related point in a different context, describing cybersecurity as a matter of psychology just as much as technology. Agentic attacks have significantly changed the technology layer. The psychology layer has moved much less. Employees remain a common target, and a convincing message, call, or meeting invite is still frequently the opening move behind a breach, a pattern Adaptive has tracked across its work with enterprise CISOs.
What Security Leaders Should Do Next
For security leaders trying to prioritize, three moves matter most right now.
- Close common entry points quickly. Set a fast, defined patching timeline for known vulnerabilities, since JadePuffer shows how little time an agent needs once a flaw goes unaddressed. Pair that with strong credential hygiene: multi-factor authentication everywhere it's supported, regular credential rotation, and monitoring for exposed logins tied to the company. Those two habits close the doors an agent relies on most.
- Keep phishing and awareness training current. Attackers now run convincing scenarios over SMS, voice calls, and video meetings alongside email, so training needs to cover every one of those channels. Refresh the scenarios employees see on a regular cadence, and prioritize the people with the broadest access: finance teams, IT admins, and executive assistants remain some of the highest-value targets.
- Invest in faster detection and response. Automate the triage of reported phishing so a suspicious message gets analyzed within minutes. Run tabletop exercises that assume an attacker can move through a network within hours, so response plans keep pace with how fast these attacks now move.
Adaptive Security builds around those priorities: attack simulations that reflect current AI-powered techniques, phishing triage that flags and contains suspicious messages quickly, and risk scoring that shows security teams where exposure is highest before an attacker finds it first.
JadePuffer will not be the last case like it, and future versions will likely need less human correction than this one did. The fundamentals, verified identity, trained employees, fast detection, remain the foundation. What has changed is the timeline: security teams that build these priorities into ongoing planning now, at the speed this moment calls for, will be the ones ready for whatever comes next.




Contents









