ESET researchers have identified a new type of malware, dubbed PromptLock, which is believed to be the first known AI-powered ransomware. The malware uses publicly available AI tools to generate malicious scripts and execute them on target systems.
PromptLock leverages AI models like OpenAI’s gpt-oss-20b to create Lua scripts that can enumerate files, exfiltrate data, and encrypt it. The malware is written in Golang and has variants for both Windows and Linux operating systems.
The discovery highlights the increasing use of AI tools by malicious actors to automate various stages of ransomware attacks. This could lead to a significant increase in the volume and impact of such attacks. ESET’s researchers warn that this development represents a new frontier in cyberattacks, where malware can adapt to its environment and change tactics on the fly.
As AI-powered malware becomes more prevalent, it poses a significant threat to organizations and individuals alike. To learn more about the latest trends in ransomware and cybersecurity, read ESET’s H1 2025 Threat Report or review their white paper on the risks and opportunities of AI for cyber-defenders.
Source: https://www.welivesecurity.com/en/ransomware/first-known-ai-powered-ransomware-uncovered-eset-research