The age of fully automated cyber warfare has arrived, but it still requires a human hand to push the start button. Cybersecurity investigators recently documented what they call the very first instance of autonomous software running a full extortion racket. Security firm Sysdig uncovered an operation named JadePuffer, where an artificial intelligence script handled the technical heavy lifting of a network break-in from start to finish. Early reports painted a scary picture of a rogue software system striking entirely on its own with no human sitting at the keyboard.
The real story has a lot more nuance. Michael Clark, a top threat researcher at Sysdig, clarified that a human handler remained deeply involved in the overall setup. The software bot did not magically wake up and choose a target. Instead, a human operator selected the victim, built the network infrastructure, and prepped the data servers used to store the stolen information. Even the digital keys used to slip past the initial security gates came from a separate, human-led data breach.
Once the operator pointed the tool at the target, the software took complete control of the technical execution. The bot found its way into the system by taking advantage of a known security bug in Langflow, a popular open-source software kit that developers use to build language applications. After crossing that initial boundary, the bot targeted a primary MySQL database, cracking open another system flaw to secure total administrative control over the network.
The autonomous script went straight to work, encrypting more than 1,300 critical data configuration files. To make matters worse, the bot wrote a custom ransom note from scratch and attached a specific Bitcoin wallet address where the victims could send payments to buy back their scrambled data. Sysdig chose to keep the identity of the target private, so we do not know which business suffered the attack.
While the actual hacking methods were fairly standard, the sheer speed of the automated script shocked investigators. When the bot hit a wall during a failed login attempt, it modified its own code and bypassed the problem in just 31 seconds. Even stranger, the script left a running commentary written in plain English inside the system logs, explaining its technical choices as it moved through the victim’s files.
Early reports suggested that the attack utilized multiple distinct language engines because investigators found security keys for OpenAI, Anthropic, DeepSeek, and Google Gemini hidden inside the recovery files. However, Clark later clarified that those high-value developer keys were simply part of the digital loot the bot scooped up during its sweep of the server, rather than the brain driving the actual attack. Security teams still do not know which specific model powered the JadePuffer operation because the code ran quietly through private channels.
Independent researchers at Microsoft suggest that the hackers likely used a free, open-weight model with its safety settings intentionally wiped out, since commercial platforms block these malicious behaviors by default. This new reality means automated extortion campaigns will soon depend entirely on a hacker’s cloud computing budget rather than human hours. Because running an autonomous agent costs pennies, security teams expect these automated intrusions to scale up rapidly across the internet.

