First AI-Powered Ransomware PromptLock Targets Windows, Linux and macOS

ESET has identified PromptLock, the first AI-powered ransomware, using OpenAI models to generate scripts that target Windows, Linux and macOS.

It was only a matter of time before artificial intelligence became a building block for cybercriminals. This week, researchers at ESET revealed what they are calling the first known AI-powered ransomware, a prototype dubbed PromptLock, which uses an open-weight AI model from OpenAI to generate malicious code on the fly.

Rather than carrying a static payload, PromptLock calls on the gpt-oss:20b model through the Ollama API, enabling it to write and execute Lua scripts directly on a compromised system. These scripts can scan directories, inspect files, exfiltrate selected data, and encrypt the results, all without the need for prepackaged binaries. That flexibility gives attackers a level of adaptability not commonly seen in traditional ransomware.

The malware is written in Golang, making it cross-platform, and ESET has already spotted both Windows and Linux samples uploaded to VirusTotal. Because Lua is lightweight and portable, it lets PromptLock reach beyond the usual ransomware victims and run on systems often neglected by ransomware operators, including macOS and consumer Linux devices.

Interestingly, researchers noted that while PromptLock can exfiltrate and encrypt files, its ability to destroy data has not yet been implemented. This, along with several rough edges in the code, suggests that it is a proof-of-concept or work-in-progress rather than a live campaign targeting organisations.

This screenshot shared by ESET shows a list of functions inside the PromptLock ransomware code. Each entry is essentially a function name that reveals what the malware can do.

ESET’s findings add to worries that AI-driven malware could make cyberattacks faster and larger-scale. Just as machine learning has already been used to create more convincing phishing lures and deepfake content, models can also be adapted to handle tasks such as reconnaissance, persistence, or data theft. PromptLock shows that ransomware authors are already experimenting with this approach.

Commenting on the discovery, Nathan Webb, principal consultant at Acumen Cyber, explained why this development should not be dismissed as a simple lab experiment: “This is possibly the first instance of an AI-powered piece of ransomware observed in the wild. Rather than come with a payload, the malware uses ChatGPT to write Lua scripts on the fly, which gives it information about the local system and allows it to view files, exfiltrate data, and ultimately encrypt the system.”

“The use of Lua here suggests that attackers are trying to make the ransomware platform-agnostic, so that they can target a wider range of systems and environments, especially those not traditionally targeted due to their low market share, like Apple devices, and consumer Linux devices,” Webb pointed out.

Webb also pointed out that defending against such threats will require new thinking around script interpreters and OS-level tools. Security vendors will need to improve detection mechanisms that can separate legitimate scripts from malicious ones, using their own machine learning models to deobfuscate and analyse behaviour in real time.
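The behaviour described above (a process requesting code from an Ollama-hosted model and then running the result through a Lua interpreter) and the detection need raised in the last paragraph can be joined into a simple correlation rule. The Python below is an added example, not ESET's analysis code or anything taken from the PromptLock samples: the JSON telemetry schema, its field names and the sample events are constructed for this example, and the only real-world defaults it relies on are Ollama's default port 11434 and its /api/generate and /api/chat endpoints.

```python
"""Correlate local-LLM API traffic with Lua interpreter launches.

Added example (not ESET's or PromptLock's code). It scores a Lua launch
by three signals: the parent process recently called a local LLM API,
the script sits in a temp directory, and the parent itself wrote that
script. The event schema is constructed for this example.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Ollama's default port and generation endpoints (real defaults; an
# operator who changed the port would need to adjust this set).
LLM_API_PORTS = {11434}
LLM_API_PATHS = ("/api/generate", "/api/chat")
LUA_INTERPRETERS = {"lua", "lua5.1", "lua5.3", "lua5.4", "luajit"}
TEMP_MARKERS = ("/tmp/", "/var/tmp/", "/temp/")   # matched on a '/'-normalised, lower-cased path
WINDOW = timedelta(seconds=120)                   # max gap between LLM request and Lua launch

# Constructed sample telemetry: a benign editor using Ollama, a benign Lua
# launch, and two PromptLock-like sequences (one Linux, one Windows).
SAMPLE_LOG = r"""
{"ts":"2025-08-27T10:00:00Z","type":"network","pid":500,"image":"/usr/bin/code","dest_ip":"127.0.0.1","dest_port":11434,"http_path":"/api/chat"}
{"ts":"2025-08-27T10:01:00Z","type":"process","pid":900,"ppid":1,"image":"/usr/bin/lua","cmdline":"lua /opt/app/config.lua"}
{"ts":"2025-08-27T10:05:00Z","type":"network","pid":731,"image":"/usr/local/bin/updater","dest_ip":"127.0.0.1","dest_port":11434,"http_path":"/api/generate"}
{"ts":"2025-08-27T10:05:03Z","type":"file_write","pid":731,"path":"/tmp/.cache/scan.lua"}
{"ts":"2025-08-27T10:05:04Z","type":"process","pid":812,"ppid":731,"image":"/usr/bin/lua5.4","cmdline":"lua5.4 /tmp/.cache/scan.lua"}
{"ts":"2025-08-27T10:10:00Z","type":"network","pid":1200,"image":"C:\\Users\\alice\\AppData\\Local\\Temp\\svc.exe","dest_ip":"127.0.0.1","dest_port":11434,"http_path":"/api/generate"}
{"ts":"2025-08-27T10:10:30Z","type":"process","pid":1250,"ppid":1200,"image":"C:\\Tools\\luajit.exe","cmdline":"luajit.exe C:\\Users\\alice\\AppData\\Local\\Temp\\enc.lua"}
"""


def _ts(ev):
    return datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))


def _norm(path):
    """Normalise a Windows or POSIX path for comparison."""
    return path.replace("\\", "/").lower()


def parse_events(log_text):
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def is_llm_api_call(ev):
    return ev["type"] == "network" and (
        ev.get("dest_port") in LLM_API_PORTS
        or str(ev.get("http_path", "")).startswith(LLM_API_PATHS))


def is_lua_launch(ev):
    if ev["type"] != "process":
        return False
    name = _norm(ev["image"]).rsplit("/", 1)[-1]
    if name.endswith(".exe"):
        name = name[:-4]
    return name in LUA_INTERPRETERS


def script_argument(cmdline):
    """Return the first argument that looks like a Lua script path, if any."""
    for arg in cmdline.split()[1:]:
        if arg.lower().endswith(".lua"):
            return arg
    return None


def detect(events):
    llm_calls = defaultdict(list)   # pid -> timestamps of LLM API requests
    written = set()                 # (pid, normalised path) of files the process wrote
    for ev in events:
        if is_llm_api_call(ev):
            llm_calls[ev["pid"]].append(_ts(ev))
        elif ev["type"] == "file_write":
            written.add((ev["pid"], _norm(ev["path"])))

    alerts = []
    for ev in events:
        if not is_lua_launch(ev):
            continue
        parent, when = ev["ppid"], _ts(ev)
        recent = [t for t in llm_calls.get(parent, []) if timedelta(0) <= when - t <= WINDOW]
        if not recent:
            continue   # a Lua launch whose parent never asked a model for code is not this pattern
        score = 1
        reasons = [f"parent pid {parent} made {len(recent)} LLM API request(s) within {WINDOW.seconds}s"]
        script = script_argument(ev["cmdline"])
        if script:
            norm = _norm(script)
            if any(marker in norm for marker in TEMP_MARKERS):
                score += 1
                reasons.append(f"script lives in a temp directory: {script}")
            if (parent, norm) in written:
                score += 1
                reasons.append("script file was written by the same parent process")
        alerts.append({"pid": ev["pid"], "ppid": parent, "image": ev["image"],
                       "score": score, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_LOG)):
        print(json.dumps(alert, indent=2))
```

Neither a Lua launch nor an Ollama request is suspicious on its own (developers do both routinely), which is why the editor talking to Ollama and the standalone Lua process produce nothing. The alert fires only on the parent-to-child correlation inside a short window, and the temp-directory and same-writer checks raise the score so an analyst can triage the Linux sequence (all three signals) ahead of the Windows one (two).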

About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.