Particle.news

JadePuffer: LLM Agent Encrypts 1,342 Nacos Configuration Items

Researchers say the incident shows LLM-driven agents can execute and self-correct at machine speed, lower the skill floor for attackers, compress defenders' response windows, require faster patching, require automated detection

Overview

  • Security firm Sysdig published an analysis of an intrusion in late June 2026 in which an LLM-driven agent called JadePuffer exploited a Langflow RCE (CVE-2025-3248) and moved to a production MySQL server running Alibaba Nacos.
  • The agent ran hundreds of purposeful payloads, hunted for API keys and cloud credentials, and encrypted 1,342 Nacos configuration items before deleting the originals.
  • Sysdig found the AES key used to lock the files was generated ephemeral, printed once to standard output and never stored or transmitted, making the encrypted configurations unrecoverable even if a ransom were paid.
  • Researchers clarified that human operators provisioned the infrastructure, supplied staging and command-and-control servers, and provided the root credentials used to reach the MySQL/Nacos server, so the campaign was agentic in execution but relied on people for setup.
  • Security experts warn the attack chained an old Nacos auth flaw (CVE-2021-29441) to the Langflow RCE, showing how unpatched, internet-exposed AI workflow tooling and config stores are prime targets and urging rapid patching, least-privilege segmentation, and machine-speed detection and response.