The first known case of 'agentic ransomware' was documented by researchers at Sysdig, where an AI agent handled the technical execution of a cyberattack from start to finish. However, a human was still involved in setting up and provisioning the infrastructure behind the operation. The AI agent broke into a vulnerable server, stole credentials, moved through the target's network, encrypted files, and wrote its own ransom note.
The attack was notable for its speed and transparency, with the agent fixing a failed login in 31 seconds and narrating its own reasoning in natural-language code comments. The techniques used were fairly ordinary, but the speed and automation of the attack were unusual.
The researchers were not able to identify the specific model driving the agent, but Microsoft researcher Geoff McDonald suspected an open-weight model with safety training stripped out. The attack raises concerns about the potential for thousands of simultaneous ransomware campaigns, but the need for human involvement in setting up each operation may limit the scale of such attacks.



