Researchers Discover PromptLock — The First AI-Powered Ransomware

Security specialists at ESET have uncovered an unusual piece of malware named PromptLock, described as the first known ransomware to leverage artificial intelligence.
According to the researchers, PromptLock is not yet fully functional and appears to be in the development stage. Nonetheless, variants targeting both Windows and Linux have already been uploaded to VirusTotal.
“Although multiple indicators suggest this sample is a proof-of-concept or someone’s unfinished work rather than a fully functional malware used in attacks, we consider it our duty to inform the cyber community about such developments,” ESET stated.

How PromptLock Works
Even in its early form, PromptLock demonstrates how AI can make cybercrime easier to carry out.

The ransomware uses gpt-oss-20b, one of two free open-weight models recently released by OpenAI. It runs locally on infected devices via the Ollama API and generates malicious Lua scripts on the fly.
“PromptLock uses Lua scripts generated via hardcoded prompts, which are used to enumerate the local file system, analyze target files, extract selected data, and perform encryption,” the researchers explained, noting that these scripts function across Windows, Linux, and macOS systems.
The malware is capable of identifying files to search, copy, encrypt, or potentially destroy based on file type and content. For now, the data destruction feature is not implemented, but researchers warn it may be added in future versions.
PromptLock relies on the 128-bit SPECK algorithm for file encryption, while the ransomware itself is written in Go.
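
From a detection standpoint, the behaviour described above (an unexpected process talking to a local Ollama API and then modifying files) can be hunted in endpoint telemetry. The following is an added example, not code from ESET or from the sample: the event schema, allowlist, thresholds and log lines are constructed assumptions, and it relies on Ollama's default port 11434 and its /api/generate and /api/chat endpoints.

```python
import json
from collections import defaultdict

# Assumptions: Ollama's default listener (port 11434) and its /api/generate and
# /api/chat endpoints; the event schema and the allowlist below are hypothetical.
OLLAMA_PORT = 11434
OLLAMA_PATHS = ("/api/generate", "/api/chat")
ALLOWED_CLIENTS = {"/usr/local/bin/ollama", "/opt/ide/assistant"}  # hypothetical
WINDOW_SECONDS = 300       # how long after the LLM call file writes are counted
FILE_WRITE_THRESHOLD = 3   # kept low for the constructed sample

# Constructed sample telemetry (not taken from any real incident).
SAMPLE_EVENTS = """
{"ts": 100, "pid": 41, "image": "/opt/ide/assistant", "type": "http", "dport": 11434, "path": "/api/chat", "model": "gpt-oss:20b"}
{"ts": 120, "pid": 77, "image": "/tmp/updater", "type": "http", "dport": 11434, "path": "/api/generate", "model": "gpt-oss:20b"}
{"ts": 125, "pid": 77, "image": "/tmp/updater", "type": "file_write", "target": "/home/a/doc1.pdf"}
{"ts": 130, "pid": 77, "image": "/tmp/updater", "type": "file_write", "target": "/home/a/doc2.xlsx"}
{"ts": 140, "pid": 77, "image": "/tmp/updater", "type": "file_write", "target": "/home/a/doc3.txt"}
{"ts": 200, "pid": 90, "image": "/usr/bin/curl", "type": "http", "dport": 11434, "path": "/api/generate", "model": "gpt-oss:20b"}
{"ts": 600, "pid": 77, "image": "/tmp/updater", "type": "file_write", "target": "/home/a/late.log"}
"""

def load(text):
    return [json.loads(line) for line in text.strip().splitlines()]

def is_ollama_call(ev):
    return (ev["type"] == "http" and ev.get("dport") == OLLAMA_PORT
            and ev.get("path", "").startswith(OLLAMA_PATHS))

def detect(events):
    """Return {pid: finding} for non-allowlisted processes that call the Ollama API."""
    first_call, writes = {}, defaultdict(int)
    for ev in sorted(events, key=lambda e: e["ts"]):
        pid = ev["pid"]
        if is_ollama_call(ev) and ev["image"] not in ALLOWED_CLIENTS:
            first_call.setdefault(pid, ev)           # remember the first LLM request
        elif ev["type"] == "file_write" and pid in first_call:
            if ev["ts"] - first_call[pid]["ts"] <= WINDOW_SECONDS:
                writes[pid] += 1                     # write shortly after the LLM call
    findings = {}
    for pid, call in first_call.items():
        severity = "high" if writes[pid] >= FILE_WRITE_THRESHOLD else "medium"
        findings[pid] = {"image": call["image"], "model": call.get("model"),
                         "writes_after_call": writes[pid], "severity": severity}
    return findings

if __name__ == "__main__":
    for pid, finding in detect(load(SAMPLE_EVENTS)).items():
        print(pid, finding)
```

An unlisted client alone rates "medium" because legitimate tools also query local models; the correlation with a burst of file writes is what raises it to "high".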
