EventPolicyJuly 2, 2026
AI agent executes first fully autonomous ransomware attack

Sysdig identified JADEPUFFER, an AI agent that exploited CVE-2025-3248 in Langflow to autonomously breach, steal credentials, and encrypt a production database. The vulnerability, patched in Langflow 1.3.0 and listed in CISA's KEV, remained unpatched on the target server.