Security researchers at ESET have revealed what may be the world’s first AI-powered ransomware, dubbed PromptLock. This alarming proof of concept leverages OpenAI’s gpt-oss:20b model through the Ollama API to dynamically generate Lua scripts that carry out key stages of a ransomware attack, including file scanning, data exfiltration, and encryption.

Miscreants wrote PromptLock in Golang, and it uses the SPECK 128-bit encryption algorithm. ESET has identified both Windows and Linux variants on the VirusTotal repository.

Its core functionality deviates from traditional ransomware, which typically contains pre-compiled malicious logic. Instead, PromptLock carries hard-coded prompts that it feeds to a locally running gpt-oss:20b model.

Analysis of the malware’s network traffic reveals POST requests to a local Ollama API endpoint (172.42.0[.]253:8443). These requests contain prompts instructing the AI model to act as a “Lua code generator.”
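As an added illustration (not ESET's analysis and not PromptLock code), the following Python sketch shows how a defender could flag this traffic pattern in HTTP request logs: POST requests to a local Ollama inference endpoint whose JSON body carries a "Lua code generator" style prompt, with extra weight when the port is not Ollama's default. The log record layout, process names, sample requests and the 10.0.0.5 address are constructed for the example; the /api/generate and /api/chat paths and the default port 11434 come from Ollama's documented API.

```python
import json
import re
# Ollama's documented inference endpoints. PromptLock was seen POSTing to a local Ollama
# API on a non-default port (the report gives 172.42.0[.]253:8443), so the port is a hint only.
OLLAMA_INFERENCE_PATHS = {"/api/generate", "/api/chat"}
OLLAMA_DEFAULT_PORT = 11434

# Prompt phrasing from the report: the model is told to act as a "Lua code generator".
CODEGEN_PATTERNS = [re.compile(r"\blua\b", re.I), re.compile(r"code\s+generator", re.I)]

def extract_prompt_text(body):
    """Collect prompt text from an Ollama /api/generate or /api/chat JSON body."""
    try:
        data = json.loads(body)
    except (json.JSONDecodeError, TypeError):
        return ""
    if not isinstance(data, dict):
        return ""
    parts = [str(data.get("prompt", "")), str(data.get("system", ""))]
    for msg in data.get("messages") or []:
        if isinstance(msg, dict):
            parts.append(str(msg.get("content", "")))
    return " ".join(parts)

def score_request(req):
    """Return the indicators found in one HTTP request record (empty list if none)."""
    if req.get("method") != "POST" or req.get("path") not in OLLAMA_INFERENCE_PATHS:
        return []
    reasons = ["POST to Ollama inference endpoint"]
    port = req.get("dst", "").rpartition(":")[2]
    if port.isdigit() and int(port) != OLLAMA_DEFAULT_PORT:
        reasons.append(f"non-default Ollama port {port}")
    text = extract_prompt_text(req.get("body", ""))
    hits = [p.pattern for p in CODEGEN_PATTERNS if p.search(text)]
    if hits:
        reasons.append("code-generation prompt: " + ", ".join(hits))
    return reasons

def detect(requests, min_reasons=2):
    """Flag records with at least min_reasons indicators; a lone POST to Ollama is not enough."""
    scored = ((r, score_request(r)) for r in requests)
    return [{"src_proc": r.get("src_proc"), "dst": r.get("dst"), "reasons": rs}
            for r, rs in scored if len(rs) >= min_reasons]

# Constructed sample records (not real captures): a benign assistant call and one suspect POST.
SAMPLE_REQUESTS = [
    {"src_proc": "ide-assistant", "method": "POST", "dst": "127.0.0.1:11434", "path": "/api/chat",
     "body": json.dumps({"model": "llama3", "messages": [{"role": "user", "content": "Summarize this diff"}]})},
    {"src_proc": "unknown-bin", "method": "POST", "dst": "10.0.0.5:8443", "path": "/api/generate",
     "body": json.dumps({"model": "gpt-oss:20b", "prompt": "You are a Lua code generator. Return only a Lua script."})},
]
```

Running `detect(SAMPLE_REQUESTS)` flags only the second record; the benign assistant call to the default port scores a single indicator and stays below the threshold.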

The scary aspect is that the AI-generated scripts adapt to the environment, choosing which files to target. This evolving tactic can potentially bypass traditional detection methods. Notably, the malware embeds a Bitcoin address allegedly linked to Satoshi Nakamoto for ransom payment, though its destruction module remains inactive.

With AI increasingly used to automate social engineering and extortion attacks in 2025, we need a paradigm shift in cybersecurity: from efficiency tools to autonomous threat detection systems. AI-driven malware can lower the technical entry barrier for attackers and make cyber threats more unpredictable and harder to detect.

By admin