
ESET researchers have identified PromptLock, the first known AI-powered ransomware, which leverages OpenAI's gpt-oss-20b model locally to generate malicious Lua scripts for file enumeration, exfiltration, and SPECK 128-bit encryption across Windows, Linux, and macOS systems. While currently a proof-of-concept and not yet fully operational, its discovery underscores a significant advancement in cybercriminal capabilities, demonstrating AI's potential to streamline attack chains and signaling an evolving threat landscape for institutional cybersecurity.
The discovery of 'PromptLock' by ESET researchers represents a significant, albeit nascent, evolution in the cybersecurity threat landscape. This malware is the first known ransomware to leverage a locally-run, open-weight AI model—specifically, OpenAI's gpt-oss-20b—to dynamically generate malicious Lua scripts. This method, designed to evade traditional detection, enables cross-platform attacks on Windows, Linux, and macOS for file enumeration, data exfiltration, and encryption using the SPECK 128-bit algorithm. While analysts have classified the malware as a proof-of-concept rather than a fully operational threat currently active in the wild, its existence confirms that AI is lowering the technical barrier for creating sophisticated and adaptable cyberattacks. The development signals a new class of threat that enterprise defenses and cybersecurity vendors must now anticipate, shifting the focus towards combating dynamic, AI-generated malicious code rather than static signatures.
Overall Sentiment: mildly negative
Sentiment Score: -0.35