"AI Ransomware 'PromptLock' Uses OpenAI Model for Encryption"

First AI Ransomware ‘PromptLock’ Uses 𝗢𝗽𝗲𝗻𝗔𝗜 𝗴𝗽𝘁-𝗼𝘀𝘀-𝟮𝟬𝗯 𝗠𝗼𝗱𝗲𝗹 for Encryption : A new ransomware has been identified, which is believed to be the first-ever ransomware strain that leverages a local AI model to generate its malicious components. PromptLock leverages Lua scripts generated from hard-coded prompts to enumerate the local filesystem, inspect target files, exfiltrate selected data, and perform encryption. https://lnkd.in/gdmKijcm

PromptLock is the first AI Ransomware, discovered by ESET, and uses OpenAI's  gpt-oss-20b model for encryption. #PromptLock #OpenAI #AI #ESET #ransomware https://lnkd.in/e7p9G-hy

Here is the thing we all have been waiting for! Written with golang, uses OpenAI gpt-oss-20b model "PromptLock", believed to be first AI powered Ransomware is here in the marketplace. ESET researchers have discovered what they called "the first known AI-powered ransomware". The malware, which ESET has named PromptLock, has the ability to exfiltrate, encrypt and possibly even destroy data, though this last functionality appears not to have been implemented in the malware yet. While PromptLock was not spotted in actual attacks and is instead thought to be a proof-of-concept (PoC) or a work in progress, ESET's discovery shows how malicious use of publicly-available AI tools could supercharge ransomware and other pervasive cyberthreats.

#CISOTrustAdvisor -> Ransomware With AI "A new ransomware has been identified, which is believed to be the #first-ever ransomware strain that #leverages a local AI model to #generate its malicious components. Dubbed “#PromptLock” by the ESET Research team that discovered it, the malware #uses OpenAI’s gpt-oss:20b model via the Ollama API to #create custom, cross-platform Lua scripts for its attack chain." https://lnkd.in/dmy9MF4r

ESET today announced the discovery of "the first known AI-powered ransomware." The ransomware in question has been dubbed PromptLock, presumably because seemingly everything related to generative AI has to be prefixed with "prompt." https://lnkd.in/gWUbm_nN

⚠️ Researchers at cybersecurity firm ESET have discovered what they said is the "first known AI-powered ransomware" strain. 🔎 Dubbed ‘PromptLock’, researchers said it uses OpenAI's open source gpt-oss:20b model, locally via the Ollama API, to generate malicious Lua scripts on the fly, which it then executes. 📝 Emma Woollacott has more in her latest for ITPro. #Ransomware | #AI | #InfoSec https://lnkd.in/e4rrZ985

🚨 First AI Ransomware ‘PromptLock’ Uses OpenAI gpt-oss-20b Model for Encryption | Read more: https://lnkd.in/gUaSG559 A new ransomware has been identified, which is believed to be the first-ever ransomware strain that leverages a local AI model to generate its malicious components. Dubbed “PromptLock” by the ESET Research team that discovered it, the malware uses OpenAI’s gpt-oss:20b model via the Ollama API to create custom, cross-platform Lua scripts for its attack chain. #cybersecuritynews #ransomware

🚨 AI vs AI: The Cybersecurity Battleground Has Evolved 🚨 Just read about PromptLock, the first known ransomware powered by a local AI model — OpenAI’s gpt-oss:20b via the Ollama API — used to dynamically generate malicious Lua scripts across platforms. This marks a chilling milestone: AI isn’t just a tool for innovation anymore, it’s now weaponized for encryption and evasion. But here’s the twist I can’t stop thinking about 🤔 : 💡 What if we fight AI with AI 🤣 ? If malicious actors can train models to build ransomware, can defenders train models to detect, decrypt, and neutralize those same threats — using the same architecture? Imagine a cybersecurity framework where AI models are trained not just to recognize attack patterns, but to reverse-engineer them in real time. A kind of “ethical mirror” — where the same intelligence used to create harm is repurposed to dismantle it. This isn’t just a tech arms race. It’s a philosophical shift: 🔐 AI isn’t just a tool. It’s a battlefield. And the best defense might be a smarter offense — built from the same code. Would love to hear thoughts from fellow creators, engineers, and security minds. Are we ready to build AI guardians that speak the same language as AI threats? #AI #Cybersecurity #PromptLock #EthicalAI #DigitalDefense #TechEthics #LinkedInThoughts

“The scariest malware is the one that thinks for itself.” ESET researchers have just discovered something new called PromptLock. Unlike normal ransomware that follows the same script every time, this one uses a local AI model to write its own scripts on your computer. Through Ollama, it asks the AI to generate fresh Lua code that helps it search files, steal data, and lock everything up. That means every victim faces a different version of the attack. Imagine playing chess, but your opponent keeps changing the rules while you are mid-game. That is how defenders feel against PromptLock. The good news is this is still only a proof of concept. It is not spreading widely yet. But it shows us where cyberattacks are heading: AI will be used by attackers just as much as it is used by defenders. What can we do today? • Secure and monitor any local AI tools running in your environment • Keep an eye out for unusual scripting activity like Lua in unexpected places • Control what software can run, and stick to trusted sources • Practice restoring from backups because in the end, they are your safety net The takeaway is simple. Attackers evolve with new tools, but our habits and preparation decide the outcome. Stay curious, keep practicing the basics, and never stop learning. #cybersecurity #ransomware #AIsecurity #infosec #threatintel #securityawareness #incidentresponse

A Friendly Reminder for Internet Users 1. Be cautious with AI agents — Whether in enterprise tools or personal apps, ensure any AI-enabled system is properly secured and access-limited. 2. Use behavior-based defense — Signature-based antivirus may fall short; tools that monitor anomalies like unusual Lua script execution or outbound connections to LLM-serving infrastructure are critical. 3. Keep backups and patches up to date — Regular system snapshots and rapid patching remain your frontline defense against ransomware variants, AI-powered or otherwise. 4. Stay informed — This is a rapidly evolving threat landscape. Awareness and vigilance go a long way.