Yesterday our founder and CEO @theonejvo spoke with @sharongoldman at Ground Level AI about JadePuffer, the campaign researchers are calling the first documented case of AI-orchestrated ransomware.
It is a real milestone, and we want to break down what it actually represents. The techniques themselves are ordinary, and that is the point worth understanding.
JadePuffer chained together a missing-auth RCE, default credentials shipped straight from the vendor, and a signing key that has been public since 2020.
The fact that every one of these types of vulnerabilities were exploitable years ago means none of them, on their own, tell you anything new about the threat landscape.
The significant part is the orchestration.
A single model carried the operation from initial access through credential theft, lateral movement, persistence, and destructive extortion, and it reasoned through each decision as it went. When a login failed, it read the error, deduced that a subprocess had dropped its path and returned an empty password hash, rewrote its approach, and succeeded.
That is root-cause analysis at machine speed.
In our assessment, this is the capability worth tracking, because it collapses the cost of a competent, adaptive intrusion down to roughly the price of running the agent.
For those of us working at the frontier of AI security, this arrived on schedule.
The same agentic loops that make an engineer productive are dual-use by construction, since intrusion and software engineering are the same activity aimed at different ends.
What follows is a defensive posture that is demanding but knowable.
Hygiene still carries most of your leverage, because this operation rode entirely on exposed infrastructure and unchanged defaults.
Scope your credentials into a secrets manager.
Weight your detection toward runtime behavior over signatures.
Automate containment, because an agent finishes long before an analyst returns a call.
And use the tell - these agents narrate their own intent in code. That fingerprint is a gift, and defenders should be built to hunt for it.
Sharon's full piece is below.
Earlier this week our CEO and Founder @theonejvo spoke with @notLeonardCohen from @ACSnewsfeed's (Australian Computer Society)'s Information Age about the Five Eyes cyber security agencies' latest statement, a sober and needed direct warning about AI driven cyber risk from the alliance spanning Australia, New Zealand, the US, UK, and Canada.
The message from Five Eyes is clear - AI is already here, it is lowering the barrier for malicious actors, and it is shrinking the window between vulnerability discovery and exploitation.
Their assessment is that cyber risk assumptions can now go stale in months rather than years, and that defenders need to move faster and more deliberately to keep pace.
Speaking with Information Age, Jamieson noted that frontier models are already compressing the attack lifecycle across discovery, chaining, and exploitation, while at the same time handing defenders powerful new tools.
As he put it, the gap between what advanced offensive AI can do today versus traditional red teaming already speaks for itself. The Five Eyes are correctly flagging that defenders must match that speed and sophistication deliberately, or they will lose ground rapidly.
He was also candid about where organisations go wrong.
Delaying foundational hygiene such as patching, legacy system remediation, identity controls, and attack surface reduction, while hoping AI magic fixes everything, is a recipe for fast and expensive breaches.
So what does getting this right actually look like?
In Jamieson's words, good AI implementation means treating AI as a force multiplier for resilience and detection rather than a shortcut to efficiency. It is rigorously red teamed, ideally against other frontier offensive agents, integrated with strong human oversight and secure by design principles, and continuously pressure tested against real attack chains.
Bad implementation is bolting on AI tools primarily for cost or speed gains without equivalent adversarial testing, and deploying agentic systems with broad tool access before the security model has caught up.
This is the exact problem we built Aether AI to solve.
As Australia's first dedicated frontier AI attack and defence platform, our agents continuously emulate sophisticated adversaries at machine speed, so defenders can shrink their disadvantage before attackers exploit it.
The Five Eyes said it plainly. We must act now.
This week, our CEO and Co-Founder @theonejvo was interviewed by @sharongoldman of @FortuneMagazine for her in-depth article on a new research paper from the @UofT.
The study demonstrates an autonomous AI-driven worm capable of adapting, reasoning, and spreading across a simulated corporate network with no human intervention-exploiting nearly three-quarters of the machines in just one week.
In the conversation, Jamieson shared his perspective on what this development means for the cybersecurity landscape.
He noted that while laboratory demonstrations like this one use intentionally vulnerable environments, the core capability is real and growing rapidly. AI is steadily lowering the barrier to building autonomous offensive tools, which is why he views the research as an important warning sign rather than a surprise.
Jamieson emphasized that defenders still hold meaningful advantages-particularly in detecting the unusual network traffic and activity generated when worms move large AI models or operate across systems.
However, he cautioned that this edge will erode as models become smaller and more efficient.
Organisations cannot afford to rely solely on traditional patching timelines; they must become more precise in prioritising risks that truly enable attacker control.
At @tryaether_ai, we continue to focus on building the next generation of defensive tools and red-teaming capabilities that help security teams stay ahead of these adaptive threats. This includes helping organizations simulate realistic adversarial scenarios, identify critical exposure points, and strengthen their resilience against increasingly sophisticated AI-augmented attacks.
We're grateful to Sharon and the Fortune team for highlighting this important topic, and we look forward to continued dialogue across the industry on practical ways to defend against agentic AI threats.
The future of cybersecurity will require both stronger software foundations and smarter, AI-powered defences-and we're committed at the frontier to ensure both evolve.
Our founder and CEO, @theonejvo, was cited in the @verge this week among the independent researchers impressed by @AnthropicAI Fable 5's launch-day protections. Here is what was tested, and why the industry measures the wrong thing.
Most of the frontier cyber conversation rests on familiar tools: capture-the-flag puzzles, vulnerable practice environments, and codebases with a weakness already planted inside. If a model finds the bug or recites the technique, that is treated as danger. Yet this is exactly the material that leaks into training, so a high score can mean the model recalled a solution rather than worked one out.
The jailbreak discourse repeats the error: it asks whether a model can be coaxed into talking about an exploit, describing a buffer overflow or producing attack code. Getting a chatbot to speak is a different problem from getting a model to act.
A real intrusion is a long, coherent campaign that reaches far beyond spotting a vulnerability: gaining a foothold, holding it through persistence, escalating privilege, moving laterally, drawing data out, and delivering impact. Each stage depends on the last and demands the model hold the whole picture in mind, recover from dead ends, and keep its intent straight over dozens of turns against a system it has never seen. That sustained competence separates a model that can talk about hacking from one that can do it.
Our testing probes exactly that. Jamieson ran Fable 5 through PolyRange, his own evaluation framework, which builds a wholly new, fictitious target each trial, its secret reachable only by completing a working attack. That closes the contamination loophole and forces real work across the full chain on unfamiliar ground.
Across a long, many-step engagement, all 181 of the model's responses came from the weaker fallback, though every request named Fable. A controlled split confirmed it: benign queries to Fable, every offensive request to the weaker model. The safeguard stopped the chain every time the work turned hostile.
We are candid about the limits. Jamieson made no concerted effort to defeat the safeguard, which others have since reported doing, though those reports describe eliciting a description or a single output. The harder question is whether a jailbroken model will coherently carry a complete attack to impact; public demonstrations have largely stopped at elicitation, and on Fable the chain broke each time. The test was small, covering Fable 5 alone, not the more powerful Mythos 5.
Export policy should be shaped by the model that can be driven, start to finish, through a real-world attack, for which a model that merely talks is a weak proxy.
Until the debate rests on contamination-free, end-to-end evaluation, it will keep mistaking recall for skill and speech for action.
It's now a race. Defenders hardening at machine speed vs AI-enabled adversaries weaponising at machine speed. The side that moves faster wins each vulnerability. The side that moves slower writes the breach report.
We started Aether AI on the conviction that defenders who survive the next decade are the ones who can attack their own environments with frontier AI and convert what they find into hardened systems faster than the adversary population can do the same from the outside.
9K Followers 8K FollowingDoing interesting research with TRMs. Maybe solved Bitcoin scaling.
Fd. @tradelayer @moralitylab
Build treasures in the heavens
Feed the hungry in war zones
191 Followers 1K FollowingPassionate about AI and ChatGPT technology. Always exploring new ways to utilize these tools to improve businesses and daily life.
24K Followers 1K FollowingHacker. T̶h̶i̶n̶k̶i̶n̶g̶ Doing outside the box.
Founder @d_vuln
Breaking frontier AI models at https://t.co/GnRR2W3Nza
Building the worlds most dangerous AI @tryaether_ai