Earlier this month, Sysdig published research on JADEPUFFER, what they assess to be the first end-to-end agentic ransomware operation: a full attack chain from initial access to data destruction, driven by an LLM agent with no human operator at the keyboard. I've been tracking this story since it dropped July 2, and I want to walk through what actually happened before the hot takes bury the technical detail. What the Attack Actually Did The entry point was CVE-2025-3248, a missing-authentication vulnerability in Langflow's code validation endpoint. CVSS score of 9.8. Langflow is the drag-and-drop flow builder a lot of teams use to wire together LLM pipelines. The flaw lets an unauthenticated caller execute arbitrary Python on the host. Game over for initial access. Once in, the agent ran a methodical sweep: dumped Langflow's PostgreSQL database, harvested environment variables, scraped credentials from config files, inventoried a MinIO object store. The credential haul ...