In a major development that signals a new and troubling era in cybercrime, cybersecurity researchers at ESET have announced the discovery of what they are calling the world’s first AI-powered ransomware, dubbed “PromptLock.” This new form of malware, currently a proof of concept, represents a significant leap from traditional ransomware, leveraging generative artificial intelligence to create self-adapting, multi-platform attack scripts in real time.
Unlike its static predecessors, PromptLock operates by running a local AI language model, which it uses to dynamically generate malicious Lua scripts on an infected device. This allows the malware to intelligently analyze a system’s file structure and content, autonomously deciding whether to exfiltrate, encrypt, or even destroy data based on a set of hard-coded prompts. The discovery reveals how AI can be used to automate and enhance key stages of an attack—from reconnaissance to data theft—with a speed and scale previously considered impossible.
According to researchers, the ransomware is cross-platform, with samples discovered for Windows and Linux. Its use of a local AI model, accessed via an API, is particularly concerning as it allows the malware to operate without needing a constant connection to a central server, complicating detection and defense efforts. While the malware’s destructive capabilities appear to be inactive in its current state, its existence alone serves as a dire warning.
The emergence of PromptLock underscores a growing fear among security experts that AI will democratize sophisticated cyberattacks, lowering the barrier to entry for less-skilled malicious actors. A well-configured AI model could be enough to create complex and evasive malware, making the work of cybersecurity defenders considerably more challenging. The discovery highlights the urgent need for a shift in cybersecurity strategy, emphasizing advanced threat detection, proactive defenses, and heightened awareness of a new class of threats. Organizations must prepare for a future where ransomware is not only more widespread but also smarter, faster, and more difficult to defend against.
