Close Menu
TechTost
  • AI
  • Apps
  • Crypto
  • Fintech
  • Hardware
  • Media & Entertainment
  • Security
  • Startups
  • Transportation
  • Venture
  • Recommended Essentials
What's Hot

The ‘first’ ransomware attack run by AI still needed a human

You can now adjust the pace and expressiveness of Siri in the latest iOS 27 beta

US investors will soon have access to SK Hynix, another memory maker driving the AI ​​boom

Facebook X (Twitter) Instagram
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer
Facebook X (Twitter) Instagram
TechTost
Subscribe Now
  • AI

    The ‘first’ ransomware attack run by AI still needed a human

    7 July 2026

    If you use Google, you train its AI. See how you can opt out.

    6 July 2026

    Amazon will stop accepting new customers for Mechanical Turk

    6 July 2026

    Yes, we use OpenClaw to this day

    5 July 2026

    Midjourney wants Hollywood studios to reveal the details of their use of artificial intelligence

    5 July 2026
  • Apps

    You can now adjust the pace and expressiveness of Siri in the latest iOS 27 beta

    7 July 2026

    Apple is bringing back card payments for Apple Account purchases in India after a four-year hiatus

    6 July 2026

    WhatsApp now allows you to reserve usernames

    5 July 2026

    Podcasting platform Riverside is getting into the newsletter game

    4 July 2026

    Threads adds new features to Live Chats as it expands access

    4 July 2026
  • Crypto

    Venice AI goes unicorn with $65M Series A as first privacy AI platform takes off

    1 July 2026

    Crypto Exchange OKX wants AI agents to hire and pay each other

    30 June 2026

    Startup Battlefield 200 applications close today

    27 May 2026

    5 days left: Save up to $410 on Disrupt 2026 passes

    25 May 2026

    As crypto cools, a16z crypto raises $2.2 billion in capital

    6 May 2026
  • Fintech

    India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

    28 June 2026

    Early Bird pricing ends tonight for the Founder Summit

    26 June 2026

    4 days left to save up to $190 on Founder Summit 2026

    23 June 2026

    Robinhood’s note on 10% layoffs shows that blaming AI doesn’t cut it

    17 June 2026

    Anthropic’s latest spat with the Trump administration may actually help it, sales figures suggest

    17 June 2026
  • Hardware

    US investors will soon have access to SK Hynix, another memory maker driving the AI ​​boom

    7 July 2026

    Smart glasses maker Even Realities hits $1 billion valuation with $150 million in funding led by Meituan, Tencent

    6 July 2026

    5 office gadgets that can make your work day better

    6 July 2026

    IQM, Europe’s first public quantum company, admits that the future of the technology is uncertain

    3 July 2026

    Thiel Capital’s Jack Selby commits stakes in hot startups like Etched through Arizona connections

    3 July 2026
  • Media & Entertainment

    New Google ad imagines a Declaration of Independence written with the help of artificial intelligence

    4 July 2026

    Cloudflare’s new policy pushes AI companies to pay for publishers’ content

    1 July 2026

    Watch out, Amazon: The Kobo eReader now has a Goodreads rival

    29 June 2026

    YouTube Shorts just got even shorter with an update that lets you double the playback speed

    25 June 2026

    Deezer says its new feature allows fans to remix songs with the artist’s consent

    24 June 2026
  • Security

    Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

    6 July 2026

    Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

    3 July 2026

    The US government says it’s been hacked — again

    2 July 2026

    In major privacy victory, Supreme Court rules that geo-trafficking warrants are protected by privacy rights

    29 June 2026

    The Klue hack results in a data breach at several cybersecurity companies

    26 June 2026
  • Startups

    Station F emerges as a launch pad for Europe’s hottest AI startups

    6 July 2026

    Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

    4 July 2026

    The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

    3 July 2026

    Last chance to apply — Startup Battlefield Australia applications close on 6 July

    3 July 2026

    Arcturus could halve grid electrical losses using nano-infused metals

    2 July 2026
  • Transportation

    Chevy built an all-American EV truck — why isn’t anyone buying it?

    3 July 2026

    Rivian raises EV sales forecast as second-quarter production ramps up

    3 July 2026

    Lucid Motors CFO steps down as new CEO continues leadership shakeup

    2 July 2026

    Tesla begins testing Cybercab without pedals or steering wheel in Austin

    2 July 2026

    Lime is starting life as a public company after years of uncertainty

    1 July 2026
  • Venture

    What are bending spoons? The little-known owner of AOL and Vimeo who is now public

    5 July 2026

    After $18B IPO, Bending Spoons Founder Says Success Comes From Minimizing Luck

    2 July 2026

    Bending Spoons defies SaaS slump, up 40% on first day of trading

    2 July 2026

    The DeepMind trio that created a poker AI is now making money for quantitative hedge funds

    1 July 2026

    Patronus AI lands $50 million to create ‘digital worlds’ that stress-test AI agents

    26 June 2026
  • Recommended Essentials
TechTost
You are at:Home»AI»The ‘first’ ransomware attack run by AI still needed a human
AI

The ‘first’ ransomware attack run by AI still needed a human

techtost.comBy techtost.com7 July 202604 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Email
The 'first' Ransomware Attack Run By Ai Still Needed A
Share
Facebook Twitter LinkedIn Pinterest Email

Last week, researchers at cloud security firm Sysdig said they had documented the first known case of “ransomware agent.” It was an extortion operation, dubbed JadePuffer, in which an AI agent—not a human—handled the technical execution of a real-world cyberattack from start to finish. The agent hacked into a vulnerable server, stole credentials, moved through the target’s network, encrypted files and even wrote his own ransom note, adjusting obstacles along the way as a human hacker would. Funding coverage described it as having “no human oversight” and “no human at the keyboard.”

It’s not exactly that full picture. In one interview on Monday with CyberScoop, Sysdig’s Michael Clark, the company’s senior director of threat research, clarified that a human is still very much involved — just not in the technical execution. “One person still set up and demonstrated the operation and provided the infrastructure behind it, the command and control server, the staging server that was used for the stolen data and chose a victim,” Clark said. The credentials used to enter the victim’s database, he added, were not collected by the AI ​​agent itself. someone acquired them separately, with prior compromise, and delivered them to the business.

None of this contradicts Sysdig’s original claim, and the technical details of the attack remain remarkable in their own right – even wild. The agent entered through a known bug in Langflowa popular open source tool for building LLM applications, was then ported to a production MySQL server and exploited another known flaw to gain administrator access. He encrypted over 1,300 configuration records and not only left behind a self-written ransom note, he left a Bitcoin address where the ransom could be sent. Sysdig did not disclose who the target was.

The techniques were quite ordinary obviously, what stood out was the speed and transparency. The agent fixed a failed connection in 31 seconds, narrating his reasoning in natural language code comments along the way.

A detail that initially seemed to cloud the picture has since been clarified. Clark had told CyberScoop that Sysdig found that “multiple models were used in the attack,” citing key harvesting for OpenAI, Anthropic, DeepSeek, and Gemini — language that left open the question of whether multiple models were actively fueling different stages of the attack. Asked to clarify, Clark told TechCrunch that those keys were just part of what the agent stole, not evidence of what drove it.

“The agent scanned the Langflow host for anything of value — provider API keys, cloud credentials, cryptocurrency wallets and database configurations — and those provider keys were part of the theft,” he said via email. “They are indicative of what he thought the striker was worth getting, but they don’t tell us which model was making the decisions.”

Regarding the model actually running JadePuffer, Clark said Sysdig was “unable to determine the specific model running the agent” and has no visibility into its system prompt or configuration.

Microsoft researcher Geoff McDonald’s theory, offered on LinkedIn several days ago, it’s worth revisiting in that light. MacDonald suspected that an open-weight model with stripped-down security training was behind the attack, rather than a border model, based on his own experience with the team showing that border labs’ security layers hold up well. Sysdig’s own account neither confirms nor rules it out.

McDonald’s post also warned that ransomware campaigns are now limited primarily by attackers’ budgets rather than human effort, raising the possibility of “thousands or tens of thousands of simultaneous campaigns.” That concern is a little harder to square with what Clark described Monday. (If a human still has to select each victim, provision infrastructure, and obtain database credentials for each operation, that’s at least one hurdle.)

Either way, Clark told CyberScoop, while Sysdig has yet to see the same business hit other victims, given how cheap it is to run an agent, he expects that to change.

When you purchase through links in our articles, we may earn a small commission. This does not affect our editorial independence.

attack Human needed ransomware run sysdig
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleYou can now adjust the pace and expressiveness of Siri in the latest iOS 27 beta
bhanuprakash.cg
techtost.com
  • Website

Related Posts

Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

6 July 2026

If you use Google, you train its AI. See how you can opt out.

6 July 2026

Amazon will stop accepting new customers for Mechanical Turk

6 July 2026
Add A Comment

Leave A Reply Cancel Reply

Don't Miss

The ‘first’ ransomware attack run by AI still needed a human

7 July 2026

You can now adjust the pace and expressiveness of Siri in the latest iOS 27 beta

7 July 2026

US investors will soon have access to SK Hynix, another memory maker driving the AI ​​boom

7 July 2026
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Fintech

India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

28 June 2026

Early Bird pricing ends tonight for the Founder Summit

26 June 2026

4 days left to save up to $190 on Founder Summit 2026

23 June 2026
Startups

Station F emerges as a launch pad for Europe’s hottest AI startups

Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

© 2026 TechTost. All Rights Reserved
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Type above and press Enter to search. Press Esc to cancel.