NYU's PromptLock linked to AI ransomware, sparking debate on responsible AI research.

ESET researchers uncovered the first known case of ransomware written with the help of generative AI: https://lnkd.in/gbKx5ZEY Threat actors are experimenting with polymorphic binaries: code that mutates on every build to evade traditional detection. The problem: EDR is fundamentally reactive. • Detection pipelines rely on machine learning models trained on previously seen samples. • With AI creating new, unique payloads each time, feature-based detection is perpetually behind. SecuritySnares takes a different approach: • We don’t chase signatures or ML features. • We monitor when encryption begins at the process level. • If the encrypting process is not explicitly trusted (e.g., BitLocker, backup software, DB engines), we terminate it immediately. ➡️ The result: ransomware dies at the moment of encryption, regardless of how its code was generated. This is how you supplement EDR with a deterministic control that attackers can’t bypass by simply swapping out code. #CyberSecurity #Ransomware #AI #EDR #DataProtection

This research is wild: NYU just admitted they built the “AI-powered #ransomware” ESET flagged last month as part of a project to show what’s possible when LLMs are abused. Proof-of-concept or not, it’s a clear warning that polymorphic, #AI -driven malware is no longer theory, it’s here! https://lnkd.in/dN7e5wC5

⚠️ Researchers at cybersecurity firm ESET have discovered what they said is the "first known AI-powered ransomware" strain. 🔎 Dubbed ‘PromptLock’, researchers said it uses OpenAI's open source gpt-oss:20b model, locally via the Ollama API, to generate malicious Lua scripts on the fly, which it then executes. 📝 Emma Woollacott has more in her latest for ITPro. #Ransomware | #AI | #InfoSec https://lnkd.in/e4rrZ985

𝐀𝐈-𝐏𝐨𝐰𝐞𝐫𝐞𝐝 𝐑𝐚𝐧𝐬𝐨𝐦𝐰𝐚𝐫𝐞: 𝐖𝐡𝐚𝐭 𝐏𝐫𝐨𝐦𝐩𝐭𝐋𝐨𝐜𝐤 𝐓𝐞𝐚𝐜𝐡𝐞𝐬 𝐀𝐛𝐨𝐮𝐭 𝐭𝐡𝐞 𝐍𝐞𝐱𝐭 𝐂𝐲𝐛𝐞𝐫 𝐓𝐡𝐫𝐞𝐚𝐭𝐬 AI-powered ransomware exists. Researchers at New York University built “PromptLock,” discovered by security specialists, to show how threat actors could use large language models for attacks. “PromptLock” doesn’t work like typical malware. It embeds prompts for an LLM into its code, so the AI writes malicious actions on the fly. Each instance can change its code, tactics, and timing, making detection much harder. - NYU’s prototype can carry out data reconnaissance, payload generation, and ransomware extortion without any human help. - The team withheld sharing some attack details fearing misuse but confirmed the proof-of-concept on VirusTotal. - ESET and other researchers confirmed it was the first documented case of AI-driven ransomware—even if unfinished. The concern is real: - The model can generate polymorphic (ever-changing) ransomware, avoiding antivirus tools. - Cybercriminals already tried similar tricks: Anthropic found its Claude LLM used to attack healthcare, government, and community organizations. - In one case, the AI wrote custom, psychologically targeted ransom notes and chose what data to steal. - The emerging consensus: LLMs can automate all steps of an attack, lowering the bar for low-skilled threat actors. This pushes several questions your cybersecurity team needs to answer: - Are you ready to detect malware that “lives” in prompts instead of static code? - Is your data protected against automated, AI-driven social engineering? - Have you tested your systems against polymorphic attacks that constantly adapt? New attacks call for new defenses: - Run real-world testing of AI-powered attack scenarios. - Update incident response plans for LLM-based threats. - Make frontline staff aware of personalized extortion delivered via AI. AI will not wait for defenses to catch up. Have you reviewed your security in light of these findings? 💬 Feel free to share your thoughts and engage with this important topic. Let's drive the conversation forward! 🔄 If this resonated with you, and you think it will resonate with others, please repost and follow me or connect. If you thought this made a great point, offered a new idea, or shared helpful insights or advice select 💡. #AITools #CyberSecurity #PromptInjection #Ransomware #LLM #EmergingThreats #InfoSec #CISOs #AIrisks #ProtectYourData

🔐 Exciting news from the cybersecurity front, tech titans! 🚀 ESET has just unveiled PromptLock, an AI-driven ransomware beast prowling in the shadows of Golang code. 🕵️♂️ 🔍 Picture this: PromptLock harnesses the power of GPT-3's big brother - the gpt-oss:20b model, conjuring up sinister Lua scripts using the Ollama API. Watch out, bytes and bits! 🔮 🌐 As we sail the ever-evolving tech sea, encounters with such cunning foes are becoming commonplace. Today it's PromptLock, tomorrow... who knows? Are we ready to outmaneuver these digital rascals? 🔒 Security is the name of the game, folks. Stay two steps ahead, fortify those firewalls, and keep those patches fresh as the morning dew. 💪 📈 Remember the past: from Stuxnet's sneaky infiltration to WannaCry's global dance of mayhem, cyber threats morph and adapt. It's survival of the cyber-fittest out there! 💭 What could the emergence of PromptLock foretell? Will AI-powered ransomware become the new norm, lurking in the digital shadows, waiting to strike? 🤖💰 ⚠️ Keep an eye on the horizon, tech wizards. The digital battleground is ever-shifting, and with each revelation, our defenses must evolve in tandem. Adaptation is the key to survival. #cybersecurity #AI #infosec #ainews #automatorsolutions 🛡 #CyberSecurityAINews ----- Original Publish Date: 2025-08-27 10:13

"Criminals can use artificial intelligence, specifically large language models, to autonomously carry out ransomware attacks that steal personal files and demand payment, handling every step from breaking into computer systems to writing threatening messages to victims, according to new research from NYU Tandon School of Engineering posted to the arXiv preprint server. The study serves as an early warning to help defenders prepare countermeasures before bad actors adopt these AI-powered techniques. A simulation malicious AI system developed by the Tandon team carried out all four phases of ransomware attacks—mapping systems, identifying valuable files, stealing or encrypting data, and generating ransom notes—across personal computers, enterprise servers, and industrial control systems." #llm #ransomwareattacks #cybersecurity #security

🚨 The First AI-Powered RansomwareCybersecurity firm ESET reveals the emergence of PromptLock, the first-ever AI-powered ransomware. Written in Golang and using OpenAI's gpt-oss:20b local open source language model, this proof-of-concept malware can...

NYU team behind AI-powered malware dubbed ‘PromptLock’ : Researchers at NYU’s Tandon School of Engineering confirmed they created the code as part of a project to illustrate potential harms of AI-powered malware. The post NYU team behind AI-powered malware dubbed ‘PromptLock’  appeared first on CyberScoop. #cyber #cybersecurity #informationsecurity

NYU team behind AI-powered malware dubbed ‘PromptLock’ : Researchers at NYU’s Tandon School of Engineering confirmed they created the code as part of a project to illustrate potential harms of AI-powered malware. The post NYU team behind AI-powered malware dubbed ‘PromptLock’  appeared first on CyberScoop. #cyber #cybersecurity #informationsecurity

This article outlines the threats posed by AI empowered hacking. The damage can be exponential. Worth reading and taking steps now to safeguard data and systems.