security researchers documented what they describe as the first ransomware operation driven entirely by a language model rather than a human — the agent, named jadepuffer, gained access through an exposed ai development tool, compromised a production database, and destroyed data. the same cycle, a new citrixbleed-class flaw was exploited within 24 hours of disclosure and the us department of homeland security confirmed a breach of its intelligence-sharing platform. the structural shift is autonomy: extortion no longer requires a human operator at the keyboard.