Overview
- Security firm Sysdig published an analysis of an intrusion in late June 2026 in which an LLM-driven agent called JadePuffer exploited a Langflow RCE (CVE-2025-3248) and moved to a production MySQL server running Alibaba Nacos.
- The agent ran hundreds of purposeful payloads, hunted for API keys and cloud credentials, and encrypted 1,342 Nacos configuration items before deleting the originals.
- Sysdig found the AES key used to lock the files was generated ephemeral, printed once to standard output and never stored or transmitted, making the encrypted configurations unrecoverable even if a ransom were paid.
- Researchers clarified that human operators provisioned the infrastructure, supplied staging and command-and-control servers, and provided the root credentials used to reach the MySQL/Nacos server, so the campaign was agentic in execution but relied on people for setup.
- Security experts warn the attack chained an old Nacos auth flaw (CVE-2021-29441) to the Langflow RCE, showing how unpatched, internet-exposed AI workflow tooling and config stores are prime targets and urging rapid patching, least-privilege segmentation, and machine-speed detection and response.