Security researchers have just identified what could be the first ‘AI-powered’ ransomware strain – and it uses OpenAI’s gpt-oss-20b model
PromptLock uses OpenAI's gpt-oss-20b model and generates malicious scripts on the fly
Researchers at cybersecurity firm ESET have discovered what they said is the "first known AI-powered ransomware" strain.
Dubbed ‘PromptLock’, researchers said it uses OpenAI's open source gpt-oss:20b model, released earlier this month, locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes.
"PromptLock leverages Lua scripts generated from hard-coded prompts to enumerate the local filesystem, inspect target files, exfiltrate selected data, and perform encryption," said researchers Anton Cherepanov and Peter Strycek in posts on several social media sites, including X.
"These Lua scripts are cross-platform compatible, functioning on Windows, Linux, and macOS. Based on the detected user files, the malware may exfiltrate data, encrypt it, or potentially destroy it."
PromptLock is written in Golang and uses the SPECK 128-bit encryption algorithm, developed by the US National Security Agency (NSA), to encrypt files. It sends its requests through Ollama, an open source API for interfacing with large language models.
The Bitcoin address used in the AI prompt for a payment demand is the one associated with the cryptocurrency's creator, Satoshi Nakamoto, whose real identity has never been discovered.
Cherepanov and Strycek said they've identified both Windows and Linux variants uploaded to VirusTotal, a Google-owned service that catalogs malware and checks files for malicious threats.
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
The good news is that the malware doesn't seem to be fully functional yet - the destruction functionality hasn't been implemented.
"Although multiple indicators suggest the sample is a proof-of-concept (PoC) or work-in-progress rather than fully operational malware deployed in the wild, we believe it is our responsibility to inform the cybersecurity community about such developments," Cherepanov and Strycek said.
Concerns rising over AI ransomware threats
Ransomware gangs have increasingly been using AI to automate communications and enhance their social engineering techniques, research shows.
A recent study from Acronis found that the increase in the use of AI by ransomware gangs appeared to be reflected in their chosen threat vectors. Social engineering and BEC attacks increased from 20% to 25.6% in the first five months of 2025 compared to the same period in 2024.
This, researchers noted, was probably down to the growth in AI use for crafting convincing impersonations.
Earlier this year, Malwarebytes warned that businesses need to be prepared for AI-powered ransomware attacks.
Up to now, AI agents have generally been used to increase the efficiency of attacks, rather than introducing new capabilities or altering the underlying tactics used by hackers.
According to Malwarebytes, though, this could all change soon as attackers use AI more broadly.
"We are in the earliest days of regular threat actors leveraging local/private AI, said John Scott-Railton, a spyware researcher at Citizen Lab, commenting on the ESET research. "And we are unprepared."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- Mandiant says generative AI will empower new breed of information operations, social engineering
- AI breaches aren’t just a scare story any more – they’re happening in real life
- Think DDoS attacks are bad now? Wait until hackers start using AI assistants to coordinate attacks
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
The NCSC wants to build an AI-powered 'Cyber Shield' to protect the UK from hackersNews The aim is to create a national, sovereign defence capability to protect government agencies and critical infrastructure
-
IBM targets data center efficiency gains with new z17 and LinuxONE offeringsNews Cost, data center footprint, and performance improvements are coming for IBM Z and LinuxONE customers
-
'It’s a marker of where extortion tradecraft is heading': Cyber experts say they've identified the first case of ‘agentic ransomware’ – but there’s a catchNews While the JadePuffer ransomware has alarm bells ringing, it still needed a human in the loop
-
Hackers are posing as Interpol to target small businesses – here's what you need to knowNews Small businesses are warned to think twice before clicking on links
-
‘Every hour ransomware goes undetected drastically increases its potential blast radius’: Hackers are breaching networks and laying low for longer – and nearly half of firms don’t realize until data is stolenNews An ExtraHop survey found more intrusions are going undetected, leading to longer dwell times
-
Three quarters of firms have halted AI projects over safety and security concerns – and cyber pros think things will deteriorate as models like Claude Mythos improveNews AI has become a leading problem for enterprise security teams, they can't automate their way out of trouble
-
OpenAI expands 'Daybreak' cyber program: New tools, partnerships, and a cyber-focused GPT-5.5 aim to help 'patch the world'News The company has added new tools, signed up partners, and released its GPT-5.5-Cyber model more widely
-
IT teams are bullish on AI tools, but they’re worried security practices can’t keep paceNews Executives and IT teams are at odds over the risks associated with AI adoption
-
Hackers are capitalizing on AI hype to ramp up social engineering attacks – and they're using big brands like Anthropic, OpenAI, and DeepSeek as ‘bait’ to lure victimsNews Microsoft says cyber criminals are impersonating popular AI platforms to deliver malware
-
‘These sorts of post-compromise techniques used to be restricted to actors with the technical knowledge to carry them out’: Anthropic warns AI is helping lower the bar for up-and-coming hackersNews AI is making it harder to differentiate between high and low-skilled actors