
A 15-year-old boy asked a chatbot for help – and cancelled nearly 47,000 anime streaming subscriptions in under four hours. Meanwhile, researchers have documented the first fully autonomous, agentic AI-driven ransomware attack, “JadePuffer”. What does this tell us about the future of cybersecurity?
Also, Apple’s “Hide My Email” feature turns out to hide rather less than it promises – despite Apple knowing it has a problem for over a year.
All this and more in this episode of the “Smashing Security” podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest Zoë Rose.
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Smashing Security, episode 475. JadePuffer, the AI that ran a ransomware attack all by itself. With Graham Cluley and special guest Zoe Rose.
Hello, hello, and welcome to Smashing Security episode 475. My name's Graham Cluley.
This week on Smashing Security, we're not going to be talking about how a Greek politician investigating spyware had his own mobile phone hacked.
You'll hear no discussion of how a US Department of Homeland Security information sharing database has been accessed by hackers.
And we won't even mention how hackers are using a fake World Cup t-shirt offer to spread malware. So Zoe, what are you going to be talking about this week?
All this and much more coming up on this episode of Smashing Security.
They've just published a new report, 2026 State of the Cybersecurity Attack Surface, and they analysed over 800,000 real IT assets to find out how exposed organisations actually are.
Nobody added him, nobody removed him, and he's been quietly in there for 11 years downloading maps of Paraguay.
That's the path of least resistance.
And the report is free to download.
One of them involves a fully automated, sophisticated, AI-driven ransomware attack against a company. Nasty stuff.
The other involves a 15-year-old lad in Japan who just wanted to cause some chaos on an animation streaming website.
These stories appear different, but they're actually telling the same story. And that story is something we've been warning about for a while.
That the skills needed to commit a cyberattack are in the hands now of practically everybody on the internet. So let's start in Japan. Have you ever been to Japan, Zoe?
One of the things which is really big in Japan is anime. Are you into anime at all?
And there is a popular anime streaming service called Bandai Channel. And you can think of it as being a bit like Japanese Netflix, but specifically for anime.
And last November, something really odd happened on this particular streaming service. People found that they were being unsubscribed.
Not just a few people, but thousands and thousands of them. By the time Bandai Channel noticed and shut down all of its services — what the hell's going on here?
We're going to turn everything off — a total of 46,812 accounts had been cancelled in under 4 hours.
And this week, Japanese police have arrested the person that they believe to be the culprit of this particular attack, a 15-year-old schoolboy.
So it stands to reason that this would also be used, honestly.
They have got better, but what you're saying, I guess, in Zoe Rose's hacking house, maybe you are capable of subverting the security and getting around it with your elite skills.
Is that what you're saying?
We make mistakes and it just amplifies our mistakes.
According to reports, the teenager told police he didn't have a particular grudge against the company. He just could do it, and so he did do it.
I would like to think, Zoe, that you wouldn't do it now. A little bit of adult common sense or decorum.
In December last year, a 17-year-old from Osaka was arrested for using ChatGPT to build a tool that hoovered up 7.25 million records from a chain of internet cafes.
And apparently his goal was to steal credit card information from members in order to then go and buy Pokémon cards, which, I mean, it sounds like a complete cliché, doesn't it?
In Japan to do something like this.
Before that, in February, three teenagers — a 14-year-old, a 15-year-old, a 16-year-old — were arrested for using ChatGPT to fraudulently generate mobile phone contracts in other people's names.
And they sold these stolen Rakuten mobile subscriptions for cryptocurrency and then used the proceeds to gamble online and buy video game consoles.
So there's been a fair amount of this.
Three separate cases in Japan, multiple teenagers, all using AI chatbots as their primary development tool, just like teenagers are probably using AI to write their homework these days as well.
Now, I don't want to suggest that these kids are going to a chatbot and just typing in something like "hack the Bandai channel" into ChatGPT.
The 15-year-old arrested this week clearly had some existing tech expertise.
But what is happening is the gap between being an interested teenager who's got some computer knowledge and a person capable of attacking a platform with 46,000 users and stealing their information — that has noticeably reduced.
That's one of the big changes AI has caused.
It is interesting and I will admit it is helpful, but, and that's the big but, if I know what I need done and I understand the foundations, I can make it effective for me.
So, if I'm not a skilled person and I'm using it for a skilled resource, it's noticeably lacking a lot of things.
But I think the way that our brains seem to function is if we think that this feature can work for us, we start to lose that functionality in ourselves.
I don't ever, well, maybe, maybe I'm wrong, but I don't foresee it in the near future to fully replace people because it doesn't have that capability.
But the problem is before it gets to the place where it can replace people, do we still have the skills on our side?
Well, what it feels like to me is that something which would have taken years of study for a human and weeks of hard work can now be accomplished in an afternoon with the aid of an AI.
This thought that AI can be harnessed by people with little technical knowledge to cause some harm brings me to my second story, which shows, I believe, where things are heading.
So security researchers at Sysdig have just published what they're calling the first documented case of fully autonomous AI-driven ransomware.
This is not AI-assisted, it's not AI-accelerated or any of those sort of marketing terms. There's no human steering the attack at all.
This is just an AI agent doing the entire job from start to finish entirely by itself. And they're calling this thing Jade Puffer. Because, well, why wouldn't you?
Maybe, maybe the name is actually made up by an AI. Maybe.
So all my codenames are in a theme. So if you figure out certain projects and certain things that needed codenames anywhere I've worked, you probably can guess which ones I created.
It finds a way in, it steals passwords, it breaks into secondary servers, it encrypts the data, it leaves a ransom note demanding bitcoin, all without a single human having to put a hoodie on in their darkened bedroom.
There'd been a patch out for at least a year. They hadn't patched it. And it was internet-facing.
'Cause you know, that's often what they're after now. They don't want to use their own AI tokens. They'd rather use someone else's.
And they're stealing cloud infrastructure credentials for AWS, and cryptocurrency seed keys to break into wallets.
And then it moved on to its real target, which was the company's production database.
And it tried to create a hidden admin account for itself to access that database, but it failed. It made a technical error.
And what was eye-opening was that the AI diagnosed the problem as it was trying.
Now, Sysdig's researchers, they said if a human had read that same error message—
It would have not taken 31 seconds to recode in order to do it properly.
And the kind of question which would only be asked by a cynical cybersecurity expert such as yourself, because actually you have put your finger on the whole flaw in this plan.
So it effectively disappeared. Even if someone had paid, there was no chance you were ever going to get the decryption key back to get your data back.
So there was a flaw in the code.
But more than that, in the actual ransom note where it listed the bitcoin address, what it used was a generic bitcoin address, which is used in all the bitcoin documentation.
It's like using .
I know how to do this because it's done it for me, but I don't actually know how to apply it logically.
Because the AI couldn't stop itself from offering a running commentary on what it was doing.
So when they looked at its attack scripts, they were stuffed with comments and explanations of what it was doing.
And as we know, no humans are ever gonna document— It's commenting!
Less than ideal for the criminals, really.
So what connects this 15-year-old in Japan who zapped these 46,000 anime accounts and this rogue AI that wiped a company's database and then forgot how to actually extort the money afterwards?
I think the connection is that AI is making it easier to be a cybercriminal. It is opening up this career opportunity, if you like, to more people.
So as people are struggling with the cost of living, as people are finding, oh, crumbs, you know, I can't get a job or whatever, more people might be tempted into cybercrime because AI could well help them.
JadePuffer, this new ransomware, it's not perfect. It fell over. It failed to handle the encryption properly and extort any money.
But sooner rather than later, as you've already suggested, I think problems like that are going to be fixed.
NordLayer is a network security platform built for businesses.
It's a scary world out there for travelling workers.
But it goes well beyond just encrypting the connection.
You get centralised control over who can access what based on their identity, their device, whether their device is actually compliant, and if someone leaves the company, you revoke their access immediately.
So if someone on your team has started using some AI tool that your security team hasn't approved—
Use the code NLsummer26 at checkout.
It generates a random email address that you can enter instead of your main email.
Theoretically, the point is privacy, to keep from the association with this, whatever you're signing up for, with your true identity.
I don't use it for a highly sensitive sort of, maybe I don't want somebody to associate this action with my identity. I don't use it in that use case.
But being as what it was marketed as, I could imagine a lot of people do.
So theoretically, if I go to a naughty site and I want to sign up for an account and I don't want you to see it's me, I could use this generated account and then this site will email this generated account, which would then come to my main legitimate email.
Theoretically, it's going to be very helpful for a lot of people. From my perspective, I would still make the assumption that that's traceable without knowing that it was. Yeah.
I didn't know it was. I always assumed it would be because, you know, it's technology and technology is—
You know that picture where it's like the guy and he's got the pictures and all the red strings together?
And I still look it, but LLMs, further to what you were talking about, they just make that easier as well because you can aggregate data quite quickly with a lot of tooling.
I imagine they're using LLMs as well to aggregate more data, because it's not that difficult to tag and connect the dots.
So, I would always assume that they're connectable. But as a non-technical person, I could 100% see how they would not think that this is connectable.
And if you're doing it because you're hiding some kink, okay, embarrassing, not the end of the world. But for some users, they're trying to get help for dangerous situations.
Maybe they're a survivor of domestic abuse and violence.
And so I agree with the Smashing Security researchers' publication of the fact that it is vulnerable and it is not protecting you in the way that it's supposed to be, or it claims to be.
The disappointing thing is apparently it was June last year that the vulnerability was disclosed to them.
So the one thing I always get frustrated with, they're marketing their autonomous cars, is they're not actually autonomous, or they can't achieve what they want, or they don't even have the capability that they're marketing.
And that's dangerous for people's safety. This is also dangerous.
Maybe it's not as physically visible how dangerous it can be, but I work and volunteer with organisations that support survivors of domestic abuse and violence.
I've also been through a very similar situation myself. It's scary being in that environment.
And when the technology you're relying on to protect you, and in some people's case it is protecting their life, and you're not doing it to the best of your ability, that's, that's really, really disappointing.
So I'm hoping it resolves it, but I think the main takeaway here is you cannot rely 100% on technology. You just can't.
Because of the false confidence it creates, because people would have used this thinking they were being private, thinking they were doing the right thing.
It's the cases that it's not fine and assuming that it is, that you're protected, where it can go drastically wrong.
I think knowing that it is broken allows you to consciously choose what use cases is it going to fit for, right?
Not knowing means that you're unconsciously putting yourself at risk, and that's what I'm not okay with. I still make use of the functionality for the case that I've already said.
If I want to have a temporary mailbox, it's a great resource. It's still connectable, yes, but it's a great resource. I can just remove it.
At the end of the day, you have to be separate, but as our lovely 15-year-old found out, OPSEC is very difficult. Right?
And so, if you want to keep them separate for your own safety or for specific reasons, maybe you have a much, much more intense threat map than I do, and you've got nation state after you, then there's a lot more to consider.
So, who's accountable there if something happens? How do we force organisations to care? And I think at the end of the day, we're European, right?
Well, European, not EU for you, but—
But at the end of the day, we have more protections than somebody in North America because of the regulations and putting the accountability back on the vendor.
So, as these things happen and as technology changes, as much as I hate regulation and compliance for the sake of compliance, I do hope it makes a difference and puts more accountability back on the organisations to respond in an appropriate timeframe and not market falsely.
It automates all of that tedious manual compliance work so you can stop drowning in spreadsheets, chasing audit evidence, and filling out questionnaire after questionnaire.
It also uses AI to streamline evidence collection and flag risks. It automates compliance for SOC 2, ISO 27001, HIPAA, GDPR, and more.
Head to vanta.com/smashing, that's V-A-N-T-A dot com slash smashing, and get started today.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they wish. Doesn't have to be security related necessarily.
Now, my pick of the week this week is related to a news story which I saw on July 1st.
TV stations in America, they broke their 24-hour rolling news to report on what was going on at the Empire State Building in New York.
They're on the antenna with a flag.
They appear to be protesters and have unfurled a banner that says, "When the power of love beats the love of power, the world knows peace." NBC New York is covering all of it.
They unfurled a banner saying, "When the power of love beats the love of power, the world knows peace," which is, you know, a very groovy thing to say.
They got down from the very top onto a platform and the man got down on one knee and nervously proposed to the woman who had climbed up there with him.
And, you know, it was all in some ways charming, in other ways just like, what the bloody hell are they doing?
Is this what everyone's going to be doing now to propose to each other? This is insanity. And they were arrested, of course. Their names are Angela Nikolau and Ivan Birkus.
They are two Russian, what are called, rooftoppers, who climb buildings. You know, they don't have all the safety gear. They just go up in their trainers, it seems.
And it is that documentary which is my pick of the week. And I'll tell you something about myself, Zoe. I am terrified of heights, right?
I can't stand on a stool, let alone climb up a ladder.
I have in the past got up into the loft in my house and I've then been stuck there for 45 minutes thinking, how am I going to get— and that's when there's a ladder attached to the loft.
You know, it's like, how am I going to get down? But aside from being terrified of heights, I am weirdly drawn to them. I am always thinking, oh, I want to test my fear of heights.
See, is this quite as scary. Will I want to throw myself off the— that's my worry, is my brain will sort of short circuit and throw myself off just impulsively.
Anyway, I cannot tell you how stomach-churning this documentary was to me because I'm watching these two people climb buildings without permission.
And they sort of fell in love doing it, which is charming, but sometimes they're having a bit of a row on the way, which has all been recorded on their GoPros.
And the woman at one point was having a real panic attack, which is understandable. I would be having a panic attack. I would feel paralysed as well.
And the guy is saying, "Come on, you can do it," and all the rest of it. And she's like, "No, no, really, I can't." And then she wants to, she wants to prove that she can.
I'm not saying that what these guys do is advisable or admirable. I think there's—
I also think it's questionable why Netflix, you know, why is this documentary being made? Is there then a compulsion for people to carry on doing these things?
So what she does is she takes an outfit with her, she's got her heels, and she's doing all these sort of glamorous shots of herself doing acrobatics on the top of buildings, you know, which, I mean, they are amazing photographs, but surely if there was one reason why AI was invented was to stop people climbing up buildings and putting their lives at risk to pose on top of a skyscraper.
Anyway, is this my pick of the week, or is this my nitpick of the week?
I'm not sure, but that is what I'm talking about on Smashing Security today.
And donate it because I've got this Thermomix replaced. But basically it weighs, it measures, it mixes and cooks and all of those fancy things.
I've made ice cream and lemonade and every dinner, and it does my shopping.
It makes shopping super bloody easy because then I just put it in the thing that delivers. Because I'm not going to the shop with two children and a bloody cat.
So it's really useful and it allows me to cook things that are actually really good, to the point where, because I'm not a very good cook, let's be honest.
You want me to investigate an incident? Right on. You want me to cook pizza from scratch? Questionable. But in this case, it works.
I'm sure lots of listeners would love to find out what you're up to and follow you online. What's the best way to do that?
But I think I'd also like to flag that if they're somebody that related to the story I said earlier about high threat profiles, I would suggest they go and look at organisations like Operation Safe Escape or any organisations that specifically tailor their support to domestic abuse and violence survivors, because they will understand those threat maps a lot better than I can summarise.
And listeners, you can find me, Graham Cluley, on LinkedIn or follow Smashing Security on Bluesky and Reddit and Mastodon. And don't forget to ensure you never miss another episode.
Follow Smashing Security in your favorite podcast apps such as Apple Podcasts, Spotify, and Pocket Casts for episode show notes, sponsorship info, guest lists, and the entire back catalog of 475 episodes.
Check out smashingsecurity.com. Until next time. Cheerio, bye-bye. Cheers. You've been listening to Smashing Security with me, Graham Cluley.
Thanks ever so much to Zoe Rose for joining us this week and to this episode's sponsors, Arctic Wolf, NordLayer, and Vanta.
Make sure to check out their special offers because they're supporting the show.
And talking of people supporting the show, thanks to the following fine fellows, all signed up members of Smashing Security Plus. Let's pick out some of them from the hat right now.
We've got first up, Darryl Green and Dave Barker. Both of them sound very dependable. I'd trust them to look after my plants while I'm on holiday.
Big yay to Richard Anand, Christoph Goossens and Travis West. Travis West.
Sounds like a Wild West character riding into town, sorting out your endpoint security, then riding off again without a word. And not also to Heisenberg.
We know who you are, but we can't be certain where you are. And that's fine.
Big thanks to Darren Kenny and to the magnificent Trogdork, a name that sounds like the final boss you'd have to beat in a game of Zelda, but probably turns out to be really good at patching vulnerabilities.
Oh, and finally, Daniel Kromeck and Billy, just Billy, one name Billy, no further questions. He's happy with that.
Those are just a few members of Smashing Security Plus, which means that they get their episodes completely ad-free, earlier than the general public as well, they get them.
And they can have their names pulled out at random to be mercilessly mocked at the end of the show. Who could want for more?
If you fancy a little bit of that, join Smashing Security Plus. Just head over to our little club at smashingsecurity.com/plus for all of the details.
But you don't have to become a member of that. You could support the show in ways which don't cost a penny by liking, subscribing, leaving a 5-star review wherever you listen.
That will warm my cockles. And of course, tell your friends about the show. Spreading the word really does help. And, well, until next time, cheerio, bye-bye.
Host:
Graham Cluley:
Guest:
Zoë Rose:
Episode links:
- Politician who investigated spyware abuses had his phone hacked with Pegasus spyware – TechCrunch.
- Hackers breached DHS information-sharing network, people familiar say – Nextgov.
- Hackers Use Fake FIFA World Cup 2026 T-Shirt Offers to Spread Voidrift Malware – Hackread.
- Japanese teen arrested for cyberattack that unsubscribed over 46,000 anime accounts – The Straits Times.
- Police arrest high school student over cyberattack on net cafe operator – The Japan Times.
- Japanese teens arrested for using AI to create illegal phone contracts – The Peninsula Qatar.
- JADEPUFFER: Agentic ransomware for automated database extortion – Sysdig.
- Apple ‘Hide My Email’ Vulnerability Reveals Peoples’ Real Email Addresses – 404 Media.
- Two people arrested in apparent marriage proposal atop Empire State Building – The Guardian.
- Skywalkers: A Love Story – Netflix.
- Thermomix – Vorwerk.
- Operation Safe Escape.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Arctic Wolf – See why 1 in 3 IT assets is missing a critical security control. Download the 2026 State of the Cybersecurity Attack Surface report.
- NordLayer – the network security platform for modern teams across different work environments. Use code NLSUMMER26 for up to 20% off annual plans.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Join Smashing Security PLUS for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.


