THE WORLD’S FIRST FULLY AUTONOMOUS AI RANSOMWARE JUST ENCRYPTED 1,400 COMPUTERS IN 12 MINUTES WITH NO HUMAN AT THE KEYBOARD
The war changed on June 29. A criminal group deployed what security researchers are now formally calling the first fully autonomous AI-driven ransomware in recorded history, and it did not need a human to make a single decision after launch. The weapon, codenamed JadePuffer, was built on a fine-tuned uncensored version of Meta’s Llama 4, running inside a containerized server. The AI agent was handed one objective and executed the entire kill chain on its own: it found an unpatched VPN vulnerability, broke through, stole credentials, moved across the network, elevated its own privileges, and encrypted 1,400 endpoints inside a European logistics company. It did all of this in under 12 minutes. The ransom demand was 45 Bitcoin, and the notes referenced specific stolen files to prove the damage was real. The attack was not discovered because someone saw it happening. It was discovered after the damage was done. CISA issued an emergency bulletin on July 4, designating this a new threat class. The bulletin made clear that every phase of a cyberattack, the kind that used to require a skilled human operator at every step, can now be handed off to a machine. Defenders have no equivalent automation in place. That gap is the problem.
Keywords: JadePuffer ransomware, autonomous AI cyberattack, CISA emergency bulletin, AI security threat