Skip to Content
logologo
AI Incident Database
Open TwitterOpen RSS FeedOpen FacebookOpen LinkedInOpen GitHub
Open Menu
Donate
Discover
Submit
  • Welcome to the AIID
  • Table View
  • List view
  • Entities
  • Taxonomies
  • Spatial View
  • Blog
  • AI News Digest
  • Random Incident
  • Sign Up
Collapse
Discover
Submit
  • Welcome to the AIID
  • Table View
  • List view
  • Entities
  • Taxonomies
  • Spatial View
  • Blog
  • AI News Digest
  • Random Incident
  • Sign Up
Collapse

Incident 1578: LLM-Driven Ransomware Operator Dubbed JADEPUFFER Reportedly Targeted Production Database

Description: Sysdig reported that a ransomware operator it dubbed JADEPUFFER used an LLM-driven agent to turn access through a vulnerable internet-facing Langflow deployment into a database-extortion operation. The report said the activity reached a production database server and produced concrete disruption, with the victim environment allegedly left in a damaged and unrecoverable state alongside a ransom demand.

Tools

New ReportNew ReportNew ResponseNew ResponseDiscoverDiscoverView HistoryView History

Entities

View all entities
Alleged: Large language model developers and AI agent system developers developed an AI system deployed by JADEPUFFER , Ransomware operators , Cybercriminals and Agentic threat actors, which harmed Database operators and Operators of Langflow deployments.
Alleged implicated AI systems: Large language models , AI agent systems , Agentic ransomware , Ransomware , Langflow , Nacos configuration service , MySQL databases and Production database servers

Incident Stats

Incident ID
1578
Report Count
1
Incident Date
2026-07-01
Editors
Daniel Atherton

Incident Reports

Reports Timeline

+1
JADEPUFFER: Agentic ransomware for automated database extortion
Loading...
JADEPUFFER: Agentic ransomware for automated database extortion

JADEPUFFER: Agentic ransomware for automated database extortion

sysdig.com

Loading...
JADEPUFFER: Agentic ransomware for automated database extortion
sysdig.com · 2026

Ransomware has had a human at the keyboard, or at least a human writing its script, since it was first established as a category of threat. The Sysdig Threat Research Team (TRT) has captured what we assess to be the first documented case of…

Variants

A "variant" is an AI incident similar to a known case—it has the same causes, harms, and AI system. Instead of listing it separately, we group it under the first reported incident. Unlike other incidents, variants do not need to have been reported outside the AIID. Learn more from the research paper.
Seen something similar?

Similar Incidents

By textual similarity

Did our AI mess up? Flag the unrelated incidents

Loading...
All Image Captions Produced are Violent

All Image Captions Produced are Violent

Apr 2018 · 26 reports
Loading...
The DAO Hack

The DAO Hack

Jun 2016 · 24 reports
Loading...
Game AI System Produces Imbalanced Game

Game AI System Produces Imbalanced Game

Jun 2016 · 11 reports
Previous IncidentNext Incident

Similar Incidents

By textual similarity

Did our AI mess up? Flag the unrelated incidents

Loading...
All Image Captions Produced are Violent

All Image Captions Produced are Violent

Apr 2018 · 26 reports
Loading...
The DAO Hack

The DAO Hack

Jun 2016 · 24 reports
Loading...
Game AI System Produces Imbalanced Game

Game AI System Produces Imbalanced Game

Jun 2016 · 11 reports

Research

  • Defining an “AI Incident”
  • Defining an “AI Incident Response”
  • Database Roadmap
  • Related Work
  • Download Complete Database

Project and Community

  • About
  • Contact and Follow
  • Apps and Summaries
  • Editor’s Guide

Incidents

  • All Incidents in List Form
  • Flagged Incidents
  • Submission Queue
  • Classifications View
  • Taxonomies

2026 - AI Incident Database

  • Terms of use
  • Privacy Policy
  • Open twitterOpen githubOpen rssOpen facebookOpen linkedin
  • 18fcd27