PromptLock, The First Ransomware Powered by Generative Artificial Intelligence

Arturo Viruete
September 5, 2025

In the vast and ever-evolving world of cybersecurity, new threats emerge every day, designed to deceive, extort, and harm both individual users and large organizations. One of the latest to cause a stir is PromptLock, an advanced ransomware variant that has raised alarms among experts due to its innovative and highly disruptive approach.

Unlike traditional ransomware, PromptLock leverages generative artificial intelligence models to create malicious scripts in real time, dynamically adapting to the compromised system’s environment and evading conventional detection methods. This capability makes it a highly flexible, evasive, and difficult-to-mitigate threat.

Moreover, its emergence has triggered a significant shift in vulnerability analysis and defensive strategies. PromptLock not only represents a technological evolution in attacker tactics but also serves as a wake-up call regarding the potential misuse of AI in modern cybercrime.

What Is PromptLock?

PromptLock is an experimental ransomware variant developed in Golang, a cross-platform programming language known for its efficiency, concurrency, and portability, traits that have also contributed to its growing popularity among malware developers in recent years.

Unlike conventional ransomware, PromptLock is powered by generative AI (GenAI), operating through a locally executable language model. This model can generate malicious Lua scripts compatible with multiple operating systems, including Windows, Linux, and macOS, with minimal adaptation required.

Its most alarming feature is its contextual analysis capability: during the infection process, PromptLock scans the system for local files, analyzes their semantic content, and based on predefined rules, autonomously decides whether to exfiltrate, encrypt, or ignore the data. This AI-driven decision-making allows the ransomware to act with a high degree of adaptability and intelligence.

The dynamic generation of scripts means that each execution instance can be unique, which greatly complicates detection using traditional security tools. This variability makes PromptLock a particularly sophisticated threat, combining advanced evasion techniques with real-time, customized offensive capabilities.

What makes it different?

The most notable innovation behind PromptLock lies in its ability to connect remotely, via a proxy, to OpenAI’s gpt-oss:20b model using the Ollama API. This allows the malicious scripts generated by the model to be delivered directly to the compromised device, without the need for prepackaged malicious code, enhancing both adaptability and stealth.
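Because PromptLock obtains its scripts by talking to the Ollama API, requests to that API from unexpected processes, or to a model server that is not the local host, are a natural thing for a SOC to watch. The following Python is an added defensive example, not code from the original post or from ESET's analysis; the log line format, the process allowlist and the sample entries are assumptions constructed for illustration, while the `/api/generate` and `/api/chat` paths and port 11434 are Ollama's real defaults.

```python
import re
from typing import Dict, List, Optional

# Ollama's HTTP API (default port 11434) serves text generation on these paths.
OLLAMA_GENERATION_PATHS = {"/api/generate", "/api/chat"}
# Processes expected to call a model server in this environment (assumed allowlist).
ALLOWED_PROCESSES = {"ollama", "ollama.exe", "open-webui"}
LOCAL_HOSTS = {"127.0.0.1", "localhost"}

# Assumed log format, one request per line:
#   <timestamp> proc=<process> dst=<host>:<port> method=<verb> path=<url-path> [model=<name>]
LINE_RE = re.compile(
    r"^(?P<ts>\S+) proc=(?P<proc>\S+) dst=(?P<host>[^\s:]+):(?P<port>\d+) "
    r"method=(?P<method>\S+) path=(?P<path>\S+)(?: model=(?P<model>\S+))?$"
)

def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one log line, or None if the line is not in the assumed format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def flag_ollama_requests(lines: List[str]) -> List[Dict[str, str]]:
    """Flag POSTs to Ollama generation endpoints that come from a process outside the
    allowlist or that go to a model server other than the local host."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or rec["path"] not in OLLAMA_GENERATION_PATHS:
            continue
        reasons = []
        if rec["proc"] not in ALLOWED_PROCESSES:
            reasons.append("unexpected process")
        if rec["host"] not in LOCAL_HOSTS:
            reasons.append("remote model server")
        if reasons:
            hits.append({"ts": rec["ts"], "proc": rec["proc"], "dst": f"{rec['host']}:{rec['port']}",
                         "model": rec["model"] or "?", "reason": "; ".join(reasons)})
    return hits

# Constructed sample entries; timestamps, process names and hosts are invented for the example.
SAMPLE_LOG = [
    "2025-09-05T10:00:01Z proc=open-webui dst=127.0.0.1:11434 method=POST path=/api/chat model=llama3",
    "2025-09-05T10:00:07Z proc=ollama dst=127.0.0.1:11434 method=GET path=/api/tags",
    "2025-09-05T10:01:13Z proc=svc_update.exe dst=10.0.0.25:11434 method=POST path=/api/generate model=gpt-oss:20b",
    "2025-09-05T10:01:14Z proc=svc_update.exe dst=10.0.0.25:11434 method=POST path=/api/generate model=gpt-oss:20b",
    "2025-09-05T10:02:00Z proc=curl dst=localhost:11434 method=POST path=/api/generate model=llama3",
    "garbage line that does not parse",
]
```

Run against `SAMPLE_LOG`, the two `svc_update.exe` requests are flagged on both criteria and the `curl` request on the process criterion only; the allowlisted `open-webui` chat and the `GET /api/tags` call are ignored.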

Additionally, PromptLock uses the 128-bit SPECK encryption algorithm, originally developed by the NSA. While efficient and lightweight, SPECK is rarely seen in ransomware, as it is more commonly associated with embedded systems and RFID technology. Its inclusion suggests an intent to keep the malware lightweight, fast, and compatible with low-resource systems.

PromptLock represents a new generation of ransomware, one that combines a visual lockscreen interface, local AI-driven decision-making, and dynamic payload generation, enabling it to adapt to system environments and resist traditional analysis techniques. Although it is suspected that PromptLock has the capability to exfiltrate or destroy data, these functionalities are not yet fully implemented, placing it currently in the category of a Proof-of-Concept (PoC) rather than a fully operational malware campaign.

However, its very existence is a clear sign of what's to come: the ability to automate multiple phases of an attack's lifecycle, from payload generation to evasion and execution, through the use of generative models accessible even to threat actors with limited technical knowledge.

This scenario shows how cybercrime is becoming both more advanced and more accessible, forcing a reevaluation of many current defense strategies. As AI tools become more widespread, it is reasonable to expect an increase in similar threats.

Therefore, prevention, ongoing education, and proactive monitoring remain our best defenses. Being informed, vigilant, and well-protected is no longer optional; it is essential in this increasingly complex and hostile digital landscape.
