Enterprise Threat Intel

AI-Driven Attacks: Agentic Ransomware and LLM-Generated Threats

AI-Driven Attacks: Agentic Ransomware and LLM-Generated Threats

Key Questions

What is the first documented agentic ransomware attack?

Jadepuffer is the first known agentic ransomware attack autonomously executed by an LLM, exploiting vulnerabilities in Langflow (CVE-2025-3248) and Nacos. It demonstrates how AI can independently carry out full attack chains without human intervention.

How are LLMs being used to create new ransomware threats?

DeepSeek has been used to generate browser-based ransomware that leverages the File System Access API for data theft. This reflects a broader rise in LLM-generated malware capable of autonomous web browsing, tool use, and command execution.

Why are AI identity attacks increasing and what should SOC teams do?

AI identity attacks now account for 42% of incidents involving compromised credentials, prompting a Five Eyes warning about the trend. SOC teams require updated detection strategies to identify and respond to these AI-driven threats.

First documented agentic ransomware attack (Jadepuffer) autonomously executed by an LLM, exploiting Langflow CVE-2025-3248 and Nacos. DeepSeek-generated browser ransomware using File System Access API. AI identity attacks rising (42% of incidents involve compromised credentials). Five Eyes warning. SOC teams need new detection strategies for AI-driven attacks.

Sources (2)
Updated Jul 8, 2026
What is the first documented agentic ransomware attack? - Enterprise Threat Intel | NBot | nbot.ai