The first AI-powered ransomware is here
For years, ransomware has been one of the biggest nightmares for organizations. Traditional strains relied on pre-written malicious code, spreading through phishing campaigns, exploiting vulnerabilities, or brute-forcing credentials. Defenders learned their tricks and built detection patterns.
But now, with PromptLock, we’re entering uncharted territory: ransomware built with the help of generative AI.
ESET Research recently uncovered PromptLock, a proof-of-concept malware that demonstrates how attackers can integrate large language models (LLMs) into ransomware to make it smarter, more adaptive, and cross-platform.
This is the first documented case of AI being used in active ransomware code—and it won’t be the last.
How PromptLock works
At its core, PromptLock is powered by OpenAI’s gpt-oss:20b model running locally through the Ollama API. Instead of hardcoding every action, the ransomware relies on AI prompts to generate Lua scripts dynamically.
That means:
The code it executes can change on the fly, making it harder to detect through static analysis.
The attacker doesn’t need to manually write every malicious function—the AI helps produce them.
Defensive signatures based on known malware behaviors may not work as effectively.
Once installed on a victim’s system, PromptLock uses these generated scripts to:
Enumerate files and directories
Encrypt user data
Potentially exfiltrate sensitive information
And it works on Windows, Linux, and macOS.
The anatomy of PromptLock
What makes this malware unique?
Cross-platform reach
Written in Golang, PromptLock can compile and run natively on Windows and Linux. ESET also observed macOS prompts, indicating macOS support is possible.
AI-driven adaptability
Instead of a rigid payload, PromptLock leverages AI prompts to generate malicious Lua scripts dynamically. These include functions for file exfiltration, encryption, and (in theory) even destruction.
Encryption mechanism
It uses the SPECK 128-bit encryption algorithm, a lightweight cipher originally designed by the NSA, for encrypting victim files.
Proof-of-concept status
At present, PromptLock appears to be an unfinished or experimental project. ESET classifies it as a work-in-progress rather than a fully deployed ransomware campaign.
Why this matters
So far, PromptLock may not be a major threat in itself. But the implications are huge.
Traditional ransomware had predictable lifecycles: attackers coded it, packaged it, distributed it, and defenders built detections against it. AI breaks this cycle.
Malware can evolve in real time: If ransomware dynamically generates parts of its logic, defenders can’t rely on static signatures or known IoCs (Indicators of Compromise).
Barrier to entry is lowered: With GenAI assistance, attackers don’t need advanced coding skills. Even novice hackers could build functional ransomware by leaning on AI prompts.
Cross-platform attacks become easier: Golang plus AI-driven adaptability means one ransomware family could hit multiple operating systems without major rewrites.
Detection and response must evolve: Security teams will need to focus more on behavioral analysis and AI red-teaming, rather than chasing signatures.
PromptLock is less about the here-and-now threat, and more about what it signals: the future of ransomware development.
What you as a defender can do next
Invest in behavioral monitoring
Static detection won’t cut it anymore. Monitoring how processes behave (like unusual use of scripting engines or encryption at scale) will be more reliable than looking for a known binary.
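A minimal illustration of that kind of behavioral rule, as an added example that is not part of ESET's research or this article: it scores constructed process telemetry for three PromptLock-style signals described above (contact with the Ollama API port, spawning a Lua interpreter, and a burst of high-entropy file writes) and flags a process only when they combine. Port 11434, the log field layout, and the thresholds are assumptions.

```python
import math
from collections import Counter, defaultdict
# Constructed telemetry, not real PromptLock logs. One event per line,
# "<ts> <pid> <kind> <detail>": net host:port, exec command, write path entropy.
SAMPLE_EVENTS = """\
100 4242 net 127.0.0.1:11434
101 4242 exec lua
102 4242 write /home/u/docs/q1.docx 7.97
103 4242 write /home/u/docs/q2.xlsx 7.95
104 4242 write /home/u/docs/q3.pdf 7.99
100 5150 exec lua
101 5150 write /home/u/build/out.txt 4.2
130 6001 write /var/backups/db.tar.gz 7.91
"""
OLLAMA_PORT = "11434"               # Ollama's default API port (assumption)
SCRIPT_ENGINES = {"lua", "lua5.4", "luajit"}
HIGH_ENTROPY = 7.5                  # bits/byte; ciphertext sits near 8.0
BURST_COUNT, BURST_WINDOW = 3, 10   # N high-entropy writes within W seconds

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of a buffer, the value a file-write sensor would report."""
    n = len(data)
    return -sum(c/n * math.log2(c/n) for c in Counter(data).values()) if n else 0.0

def indicators_for(events: str) -> dict:
    """Map each pid to the PromptLock-style indicators it triggered."""
    by_pid = defaultdict(list)
    for line in events.strip().splitlines():
        ts, pid, kind, *d = line.split()
        by_pid[pid].append((int(ts), kind, d))
    result = {}
    for pid, evs in by_pid.items():
        found = set()
        for _, kind, d in evs:
            if kind == "net" and d[0].endswith(":" + OLLAMA_PORT):
                found.add("llm_api_contact")      # LLM kept in the loop
            if kind == "exec" and d[0] in SCRIPT_ENGINES:
                found.add("script_engine_spawn")  # generated Lua being run
        hi = sorted(t for t, k, d in evs if k == "write" and float(d[1]) >= HIGH_ENTROPY)
        # sliding window: BURST_COUNT high-entropy writes within BURST_WINDOW seconds
        if any(hi[i + BURST_COUNT - 1] - hi[i] <= BURST_WINDOW
               for i in range(len(hi) - BURST_COUNT + 1)):
            found.add("encryption_burst")
        result[pid] = found
    return result

def suspicious_pids(events: str, min_indicators: int = 2) -> list:
    """Pids combining two or more indicators; any single one alone is noisy."""
    return sorted(p for p, f in indicators_for(events).items() if len(f) >= min_indicators)
```

Only pid 4242 is flagged: the lone Lua build step (5150) and the single compressed backup write (6001) each trip one signal, which is why the rule requires a combination.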
Prepare for polymorphic malware
AI can make malware shape-shift. Security tools must adapt to handle variants generated in real time.
Secure development pipelines
Just as attackers leverage AI, defenders can too. Integrating AI-powered code analysis tools in the SDLC can help catch weaknesses early.
Adopt chaos-style testing
Just as Chaos Engineering exposed weaknesses in distributed systems, “chaos security testing” for AI-driven threats could reveal how your defenses hold up against unpredictable malware.
Closing thought
PromptLock may only be a proof-of-concept today. But it shows us a glimpse of tomorrow: where AI makes ransomware more intelligent, more evasive, and harder to stop.
The evolution of threats means our defenses must evolve, too. Staying ahead of the curve requires a proactive, adaptive, and behavior-based approach to security.
Images sourced from ESET Research’s X handle.