Researchers say a documented ransomware attack marks the closest example yet of an AI agent attacking on its own after a human provided the initial access.
A documented ransomware attack provided what researchers believe is the closest real-world example yet of an AI agent carrying out much of a cyberattack autonomously. But there was one important catch: a human attacker still selected the victim, obtained valid credentials, and initiated the operation.
Security researchers at Sysdig say the attack demonstrates how AI agents are beginning to automate significant portions of ransomware operations that previously required skilled human operators. While the attack was not fully autonomous, the researchers say it represents an important milestone in the evolution of AI-assisted cybercrime.
The attack involved an AI agent known as JADEPUFFER, which researchers observed performing many of the steps needed to compromise a cloud-hosted database environment. Rather than following a rigid script, JADEPUFFER was able to make decisions, adapt its actions as conditions changed, and continue working toward its objective with limited human involvement.
According to Sysdig, the human operator’s role was to identify the target organization and provide stolen credentials that allowed the AI agent to access the environment. From that point, the AI agent carried out much of the attack, including exploring the environment, locating valuable data, and preparing it for extortion.
Sysdig researchers emphasized that the attack should not be described as fully autonomous. The AI agent did not independently choose its victim or discover an initial way into the network. Instead, it relied on a human to provide those critical starting conditions before taking over much of the operation.
Even so, Sysdig says the incident illustrates how advances in AI agents could reduce the amount of expertise and manual effort traditionally required to carry out ransomware attacks. Instead of doing each step themselves, attackers could let AI handle more of the work and figure things out as it goes. The researchers noted that the attack was not the work of a sophisticated nation-state group or major ransomware organization.
While AI played a significant role in this incident, Sysdig concludes that human involvement remained essential. Therefore, the attack stops short of being the first fully autonomous AI cyberattack, but it demonstrates that attackers are closing in on that reality.

