World's first known AI-powered ransomware emerges

Appears to be a proof of concept rather than a serious threat at this stage

Researchers at security vendor ESET have uncovered PromptLock, the first known ransomware strain powered by generative AI.

This cutting-edge malware uses OpenAI's gpt-oss-20b language model to autonomously create malicious scripts on the fly, representing a significant evolution in cyberattack techniques.

Unlike traditional ransomware that relies on static code, PromptLock runs a locally accessible AI model to dynamically generate Lua scripts during an infection. These scripts are designed to be cross-platform compatible, capable of running on Windows, macOS and Linux systems.

Using hard-coded text prompts, the AI-driven malware scans the infected device's local filesystem, analysing files to decide whether to copy (exfiltrate), encrypt, or potentially destroy data.

Although a destructive function exists in the code, it is currently inactive, suggesting the malware is still in development.

A significant shift in the cyber threat landscape

The ransomware uses SPECK 128-bit encryption and is programmed in Golang. Early variants of the malware have already appeared on VirusTotal, a Google-owned malware analysis platform.

"The emergence of tools like PromptLock highlights a significant shift in the cyber threat landscape," said ESET researchers Anton Cherepanov and Peter Strýcek in a press release.

"With the help of AI, launching sophisticated attacks has become dramatically easier — eliminating the need for teams of skilled developers. A well-configured AI model is now enough to create complex, self-adapting malware. If properly implemented, such threats could severely complicate detection and make the work of cybersecurity defenders considerably more challenging."

Because the AI model is accessed via API and generates scripts directly on the infected device, attackers can tailor attacks in real time, potentially evading detection and complicating cybersecurity defences.

Notably, the prompt embedded in the malware includes a Bitcoin address linked to cryptocurrency creator, Satoshi Nakamoto, whose identity remains unknown.

ESET confirmed both Windows and Linux versions of PromptLock have been uploaded to VirusTotal, though the ransomware appears to be a proof of concept rather than a fully weaponised threat.

"We believe it is our responsibility to inform the cybersecurity community about such developments," the researchers said.

In a blog post Cherepanov added: “Although it shows a certain level of sophistication and novelty, the current implementation does not pose a serious threat.”

Rising concerns over AI in cybercrime

The discovery of PromptLock adds urgency to concerns about AI's role in future ransomware attacks. Cybercriminal groups have increasingly used AI to automate social engineering and business email compromise (BEC) tactics.

A study by Acronis showed an increase in social engineering and BEC attacks from 20% to 25.6% in early 2025 compared to 2024, likely fuelled by AI-generated impersonations.

Security experts warn that while AI has mainly been used to improve attack efficiency, malware like PromptLock could herald a new era where AI directly controls the attack process, adapting and evolving in real time.

"We are in the earliest days of regular threat actors leveraging local/private AI, and we are unprepared," John Scott-Railton, spyware researcher at Citizen Lab, commented.

Earlier this year, Check Point reported the first malware designed to manipulate AI-based security systems.

The firm revealed that the malware embeds natural-language instructions, known as "prompt injection," designed to deceive AI systems into misclassifying it as non-malicious.

The researchers warned that the security community will now need to rethink how AI systems are trained, prompted, and deployed in operational environments. If left unaddressed, prompt injection and similar techniques could become a mainstream evasion tactic used by sophisticated threat actors, they added.