Ransomware has always needed a person. Someone skilled enough to break in, work out where the valuable data sits, spread through the network without tripping an alarm, and hold it all to ransom. That skill is exactly what kept the worst attacks relatively rare. Last week, that assumption came apart. Security researchers documented a ransomware attack that was run, from start to finish, by an AI agent, with no human driving it.
The team at Sysdig, a cloud-security firm, published its findings on 2 July 2026, naming the intruder JADEPUFFER and calling it the first known case of a ransomware operation carried out end to end by an AI. The agent handled the whole job on its own: it found the way in, harvested and reused credentials, moved sideways through the systems, dug in so it could not be easily removed, and then destroyed the data. When a step failed, it simply reasoned about the problem and tried again, turning a failed login into a successful one in about half a minute. No mastermind at a keyboard, just a model working through the plan.
This did not come out of nowhere. A month earlier, on 8 June 2026, Anthropic's security researchers published a study on how quickly AI can weaponise known software flaws, and found that work which used to take a skilled expert weeks now takes an afternoon and a few thousand dollars, with little specialist knowledge required. JADEPUFFER is that finding walking out of the lab and into the real world. The bar for pulling off a serious attack has quietly collapsed, and that changes the risk for every business, not just the big ones.
The way in matters more than the ransomware
Here is the detail that should stop an owner in their tracks. The attack did not begin with some ingenious new hack. It walked in through an AI tool that had been left exposed on the internet, running with a known weakness that already had a fix available. Nobody had locked it down. In the rush to plug AI into the business, a piece of software had been stood up in a hurry, pointed at the open web, and forgotten. That open door was all the agent needed to get started.
That is the uncomfortable pattern of this moment. The same wave of AI tools that lets a small team punch well above its weight also multiplies the number of doors into the business, and most of them are being wired up fast and left unattended. We have written before about the difference between bolting a tool on and building a proper system, and this is that lesson with the stakes turned all the way up. An AI setup that is quick to demo and never hardened is not a shortcut. It is an exposure sitting quietly until something finds it.
Why small business is the softest target
It is tempting to read a story like this and assume it is a big-company problem. The opposite is true. Small businesses have long been the favourite target for ransomware precisely because they hold data worth taking and rarely have the defences a large firm can afford. Now the economics have shifted the wrong way again: when an AI can run the whole attack cheaply and tirelessly, there is no longer any reason for an attacker to skip the small operator. The effort that once had to be reserved for a worthwhile payday can now be pointed at everyone at once.
Simon Willison, one of the clearest voices on the security risks of these systems, has spent the past year pointing out that AI agents are powerful precisely because they will act on their own, which is the same reason they are dangerous when they land in the wrong hands. That double edge is the whole story here. The capability that makes an agent brilliant for your business is the capability that makes it brutal as a weapon. Neither side of that is a reason to sit out AI. Both are a reason to treat how it is set up as the thing that actually matters.
What good looks like
You do not keep up by learning to fight AI attackers yourself, and you should not try. You keep up by making sure the AI and automation you adopt is built so it is an advantage rather than an open door. Here is what that looks like once it is handled properly:
- Every AI tool the business runs is accounted for and deliberately set up, not stood up in a hurry and forgotten on the open internet.
- The tools you rely on are kept current and locked down, so a known flaw with a fix already available is never left sitting there as an invitation.
- Each tool has only the access it genuinely needs, so if something does get in, the damage is contained rather than a free run of the whole business.
- The plumbing is watched, so an unusual burst of activity is noticed early instead of discovered when the data is already gone.
- The whole setup is treated as a living system that someone stays accountable for, not a one-off install nobody looks at again.
The attacker no longer needs to be skilled. The AI supplies the skill. What still decides whether you are safe is whether your own tools were built properly or just bolted on and left open.NextAura
None of this is a reason to slow down on AI. The businesses using it well are pulling ahead, and stepping back from it would cost you far more than it saves. The point is simpler and harder: the advantage and the exposure come from the same place, so the way your AI is built is not a technical footnote, it is the difference between a quiet edge and an expensive lesson. That is exactly why doing it deliberately, with someone accountable for the setup, is worth more now than it has ever been.
This is the work we do at NextAura. We build the AI agents and automation that let a small team do far more, and we build them the careful way: accounted for, kept current, given only the access they need, and watched long after the demo, so the tools that speed you up are not the ones that let someone in. If you are adopting AI and want it done so it is an edge rather than an exposure, get in touch and we will set it up properly, then keep an eye on it while you get back to running the business.