Earlier this month, Sysdig published research on JADEPUFFER, what they assess to be the first end-to-end agentic ransomware operation: a full attack chain from initial access to data destruction, driven by an LLM agent with no human operator at the keyboard. I've been tracking this story since it dropped July 2, and I want to walk through what actually happened before the hot takes bury the technical detail. What the Attack Actually Did The entry point was CVE-2025-3248, a missing-authentication vulnerability in Langflow's code validation endpoint. CVSS score of 9.8. Langflow is the drag-and-drop flow builder a lot of teams use to wire together LLM pipelines. The flaw lets an unauthenticated caller execute arbitrary Python on the host. Game over for initial access. Once in, the agent ran a methodical sweep: dumped Langflow's PostgreSQL database, harvested environment variables, scraped credentials from config files, inventoried a MinIO object store. The credential haul ...
Anthropic dropped Claude Sonnet 5 on June 30, and the positioning is deliberate: this is the most agentic Sonnet model they've shipped. Close to Opus 4.8 in performance, at 40% lower cost at standard pricing, and 60% cheaper during the introductory window that runs through August 31, 2026. For anyone running multi-step agents at scale, this changes the cost math in a concrete way. What's actually in the release Sonnet 5 ( claude-sonnet-5 ) sits between Haiku 4.5 and Opus 4.8 in the lineup, but Anthropic is pitching it as the default workhorse for most agentic work. It carries a 1M token context window, 128k max output, and adaptive thinking. Fast latency. And it defaults to effort: high on the Claude API and Claude Code, meaning the model engages its full reasoning budget by default. That's the same default as Opus 4.8. Here's the full pricing picture now: Haiku 4.5 : $1/$5 per million tokens. Fast, near-frontier for simple tasks. Sonnet 5 intro (through Aug 31)...