← The Wire
Source trail

Sysdig Threat Research

Public MindPattern findings, entities, and graph evidence that cite this source.

Findings
5
All-time hits
4
High value
3
Last seen
2026-07-07

Connected entities

Related findings

  1. 2026-07-07 / SOURCESSysdig Documents JADEPUFFER — The First End-to-End Autonomous AI Ransomware OperationSysdig's Threat Research Team published a full analysis of JADEPUFFER, where an LLM agent drove an entire intrusion — exploiting a Langflow instance via CVE-2025-3248, harvesting credentials, moving laterally, escalating privileges, and running a database-extortion playbook with 600+ purposeful payloads. Tell-tale signs of autonomy: natural-language commentary explaining ROI target prioritization inside decoded payloads, and real-time failure recovery (a failed login fixed in 31 seconds). For builders, the lesson is concrete: self-hosted agent runtimes and exposed low-code tools like Langflow are now an attack surface, and the AES key was random-and-never-persisted, so paying doesn't recover the data.
  2. 2026-06-08 / AGENTSPraisonAI Agent Framework (CVE-2026-44338) Probed Within 3h44m of Disclosure — Auth Disabled by DefaultCVE-2026-44338 (CVSS 7.3) stems from PraisonAI's legacy Flask api_server.py shipping with AUTH_ENABLED=False and AUTH_TOKEN=None, exposing GET /agents and POST /chat so anyone on the network can execute agent workflows and drain API quotas without credentials. Sysdig documented a scanner identifying as 'CVE-Detector/1.0' hitting the exact endpoint 3 hours 44 minutes after the advisory went public. The flaw affects versions 2.5.6–4.6.33 and is fixed in 4.6.34 — a sharp example of insecure-by-default agent tooling meeting near-instant mass exploitation.
  3. 2026-06-02 / SKILLSSysdig Documents First Confirmed Autonomous LLM-Agent Cyberattack — Four Pivots, AWS Database Exfiltrated in Under Two MinutesSysdig threat researchers documented the first confirmed in-the-wild cyberattack where an LLM agent served as the autonomous post-exploitation operator with no human directing individual steps. The attacker exploited CVE-2026-39987 (Marimo notebook RCE), extracted cloud credentials, replayed them to retrieve an SSH private key from AWS Secrets Manager, and drove eight SSH sessions into a bastion host — exfiltrating a full Postgres database in under two minutes. Sysdig's Sr. Director Michael Clark: 'We are not watching AI replace attackers. We are watching attackers replace their scripts with AI.'
  4. 2026-04-03 / AGENTSSysdig Documents Langflow CVE-2026-33017 Attack Timeline: Three-Phase Compromise in 20 HoursSysdig Threat Research published a detailed post-mortem of active CVE-2026-33017 exploitation against Langflow AI pipeline instances, documenting a three-phase attack timeline starting just 20 hours after disclosure with zero public PoC code. Phase 1: automated nuclei scanning with base64 exfiltration via interactsh. Phase 2: custom Python exploitation with pre-staged infrastructure deploying stage-2 payloads. Phase 3: data harvesting targeting LLM provider API keys (OpenAI, Anthropic), AWS credentials, database connection strings, and deployment configurations. The unauthenticated RCE (CVSS 9.3) in the public flow build endpoint executes arbitrary Python server-side without sandboxing — CISA set an April 8 federal remediation deadline.
  5. 2026-04-03 / SKILLSSysdig Runtime Security for AI Coding Agents: Syscall-Level Detection of Claude Code, Gemini CLI, and CodexSysdig TRT instrumented Claude Code (Bun binary), Gemini CLI (Node.js), and Codex CLI (Rust binary) at the syscall level, revealing behavior invisible from agent UIs or logs. They published Falco/eBPF detection rules covering four patterns: agent installation detection, sensitive file access attempts, risky CLI arguments that weaken safeguards, and dangerous activity including reverse shells and binary tampering. First production-grade runtime security specifically designed for AI coding agents.
Open latest cited source