Researchers detect AI-powered malware samples in U.S.

Cybersecurity researchers at ESET have identified a groundbreaking new ransomware strain named PromptLock, the first known malware to leverage generative artificial intelligence (GenAI) to execute attacks.
Discovered by senior malware researcher Anton Cherepanov and colleague Peter Strýček, PromptLock uses a locally hosted AI language model to generate malicious Lua scripts in real time, marking a significant evolution in cybercrime tactics.
Unlike traditional ransomware, which relies on pre-written code, PromptLock autonomously scans local filesystems, analyzes content, and decides whether to exfiltrate or encrypt data based on predefined text prompts. Written in Golang and utilizing the SPECK 128-bit encryption algorithm, the malware is cross-platform compatible, targeting Windows, Linux, and macOS systems. While a data destruction function is embedded in the code, it remains inactive, suggesting PromptLock is still a proof-of-concept (PoC) rather than a fully operational threat.
“The emergence of tools like PromptLock highlights a seismic shift in the cyber threat landscape,” said Cherepanov. “With AI, launching sophisticated attacks has become dramatically easier, eliminating the need for teams of skilled developers. A well-configured AI model can now create complex, self-adapting malware, posing significant challenges for cybersecurity defenders.”
PromptLock operates using OpenAI’s open-weight gpt-oss:20b model, accessed locally via the Ollama API, which allows it to generate dynamic scripts without relying on external servers. This local operation makes it harder to detect, as it produces minimal network traffic. Notably, the malware includes a Bitcoin address linked to Bitcoin’s pseudonymous creator, Satoshi Nakamoto, for ransom payments, though no real-world attacks have been reported yet.
ESET’s discovery, announced on August 27, 2025, follows samples uploaded to VirusTotal from the United States, indicating early-stage development. The company has classified the malware as Filecoder.PromptLock.A and shared technical details to alert the cybersecurity community.
Recent developments highlight growing concerns about AI-driven cyberthreats. A parallel report from Anthropic revealed that cybercriminals, including a UK-based group tracked as GTG-5004, have used its Claude model to develop ransomware with advanced evasion techniques, underscoring the rapid adoption of AI by threat actors. Additionally, experts warn that PromptLock’s ability to generate varied scripts per execution could complicate detection, as indicators of compromise (IoCs) differ each time, making traditional antivirus solutions less effective.
Nathan Webb, principal consultant at Acumen Cyber, emphasized the significance of PromptLock: “This is possibly the first instance of AI-powered ransomware observed in the wild. Its ability to generate scripts on the fly gives attackers unprecedented adaptability.” ESET advises organizations to monitor Lua script execution and proxy tunneling linked to the Ollama API to mitigate risks.
As AI tools become more accessible, experts predict a surge in such threats. “The rise of AI-powered malware represents a new frontier in cybersecurity,” Cherepanov noted. “By sharing these findings, we aim to spark discussion and preparedness across the industry.” ESET continues to track PromptLock’s development, urging defenders to adapt to this evolving threat landscape. (ILKHA)
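ESET's advice above to monitor Lua script execution and Ollama API traffic can be expressed as a small correlation rule. The following is an added example, not code from ESET or the original article; the JSON-lines event schema, the client allowlist and the five-minute window are assumptions, and the sample events are constructed.

```python
import json
from datetime import datetime, timedelta

OLLAMA_PORT = 11434                           # Ollama's default listen port
OLLAMA_PATHS = ("/api/generate", "/api/chat")  # Ollama text-generation endpoints
ALLOWED_CLIENTS = {"ollama", "approved-chat-ui"}  # assumption: site-specific allowlist
WINDOW = timedelta(minutes=5)                 # assumption: correlation window

# Constructed telemetry in a hypothetical JSON-lines schema (not real data).
SAMPLE_EVENTS = """\
{"ts":"2025-08-27T10:00:00","host":"ws1","type":"net","process":"approved-chat-ui","dest_ip":"127.0.0.1","dest_port":11434,"path":"/api/chat"}
{"ts":"2025-08-27T10:02:10","host":"ws2","type":"net","process":"updater.exe","dest_ip":"10.0.0.5","dest_port":11434,"path":"/api/generate"}
{"ts":"2025-08-27T10:02:40","host":"ws2","type":"exec","process":"updater.exe","script":"lua"}
{"ts":"2025-08-27T10:30:00","host":"ws3","type":"exec","process":"nvim","script":"lua"}
"""

def is_ollama_call(ev):
    """True for a network event aimed at an Ollama API port or endpoint."""
    return ev["type"] == "net" and (
        ev["dest_port"] == OLLAMA_PORT or ev.get("path", "").startswith(OLLAMA_PATHS))

def detect(lines):
    """Return (host, rule) alerts for the three conditions described above."""
    alerts, last_call = [], {}   # last_call: host -> time of last unexpected Ollama call
    for line in lines.strip().splitlines():
        ev = json.loads(line)
        ts = datetime.fromisoformat(ev["ts"])
        if is_ollama_call(ev) and ev["process"] not in ALLOWED_CLIENTS:
            alerts.append((ev["host"], "unexpected-ollama-client"))
            # Traffic leaving the host toward an Ollama endpoint may be proxied or tunnelled.
            if not ev["dest_ip"].startswith("127.") and ev["dest_ip"] != "::1":
                alerts.append((ev["host"], "ollama-non-loopback"))
            last_call[ev["host"]] = ts
        elif ev["type"] == "exec" and ev.get("script") == "lua":
            # Lua execution shortly after an unexpected model call on the same host.
            seen = last_call.get(ev["host"])
            if seen is not None and ts - seen <= WINDOW:
                alerts.append((ev["host"], "lua-after-ollama"))
    return alerts

if __name__ == "__main__":
    for host, rule in detect(SAMPLE_EVENTS):
        print(host, rule)
```

Because the rule keys on behaviour rather than script content, it does not depend on the generated Lua being identical between executions.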