
16.6K
Downloads
79
Episodes
Stay ahead of the latest cybersecurity trends with Cyberside Chats! Listen to our weekly podcast every Tuesday at 6:30 a.m. ET, and join us live once a month for breaking news, emerging threats, and actionable solutions. Whether you’re a cybersecurity professional or an executive looking to understand how to protect your organization, cybersecurity experts Sherri Davidoff and Matt Durrin will help you stay informed and proactively prepare for today’s top cybersecurity threats, AI-driven attack and defense strategies, and more!
Join us monthly for an interactive Cyberside Chats: Live!
Youtube channel: https://www.youtube.com/LMGsecurity
Register Here: https://lmgsecurity.zoom.us/webinar/register/WN_4FpdxB0VQo6aURK1p7_k_g
Stay ahead of the latest cybersecurity trends with Cyberside Chats! Listen to our weekly podcast every Tuesday at 6:30 a.m. ET, and join us live once a month for breaking news, emerging threats, and actionable solutions. Whether you’re a cybersecurity professional or an executive looking to understand how to protect your organization, cybersecurity experts Sherri Davidoff and Matt Durrin will help you stay informed and proactively prepare for today’s top cybersecurity threats, AI-driven attack and defense strategies, and more!
Join us monthly for an interactive Cyberside Chats: Live!
Youtube channel: https://www.youtube.com/LMGsecurity
Register Here: https://lmgsecurity.zoom.us/webinar/register/WN_4FpdxB0VQo6aURK1p7_k_g
Episodes

11 hours ago
11 hours ago
In this episode, Sherri and Matt discuss JADEPUFFER — the first publicly documented ransomware operation executed end-to-end by an AI agent. According to Sysdig Threat Research, the AI drove the whole intrusion: reconnaissance, exploitation, lateral movement, and extortion. It fixed its own failed attacks in 31 seconds, fired off 600+ payloads, and encrypted 1,342 database records — yet it also narrated its crimes in plain English and demanded ransom to a hallucinated Bitcoin address. Fast AND flawed: an amateur hacker operating at machine speed.
Sherri and Matt trace how we got here — from PromptLock to criminal “vibe hacking” — and what machine-speed adversaries mean for your incident response, your threat model, and your Monday-morning to-do list.
Key Takeaways:
1. Inventory your AI attack surface. Ask which of your vendors' and internal AI tools are internet-facing and unpatched — JADEPUFFER walked in through a known, long-patched Langflow vulnerability.
2. Reset your incident response expectations. Adversaries can now adapt in seconds, not hours. Human-paced SLAs are no defense against a 31-second fix loop — invest in automated detection and containment.
3. Widen your threat model. The skill floor has collapsed. Adaptive, competent attacks can now come from completely unsophisticated actors armed with an AI agent and a target list.
4. Add AI-driven attack scenarios to your next tabletop exercise — and decide in advance who can authorize automated containment, because you won't have time to convene a meeting mid-attack.
References:
1. Sysdig — JADEPUFFER: Agentic Ransomware for Automated Database Extortion (https://www.sysdig.com/blog/jadepuffer-agentic-ransomware-for-automated-database-extortion)
2. BleepingComputer — JADEPUFFER ransomware used AI agent to automate entire attack (https://www.bleepingcomputer.com/news/security/jadepuffer-ransomware-used-ai-agent-to-automate-entire-attack/)
3. The Hacker News — AI agent exploits Langflow RCE (https://thehackernews.com/2026/07/ai-agent-exploits-langflow-rce-to.html)
4. NVD — CVE-2025-3248 (Langflow unauthenticated RCE) (https://nvd.nist.gov/vuln/detail/CVE-2025-3248)
5. ESET — PromptLock, the first AI-powered ransomware (NYU proof-of-concept) (https://www.eset.com/us/about/newsroom/research/eset-discovers-promptlock-the-first-ai-powered-ransomware/)
6. Anthropic — Detecting and countering misuse (vibe hacking / GTG-2002) (https://www.anthropic.com/news/detecting-countering-misuse-aug-2025)
7. Anthropic — Disrupting AI espionage (GTG-1002) (https://www.anthropic.com/news/disrupting-AI-espionage)

No comments yet. Be the first to say something!