Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

ESET Discovers PromptLock, the First AI-Powered Ransomware

PromptLock uses OpenAI's gpt-oss:20b model locally to generate cross-platform malicious Lua scripts, highlighting early AI-driven ransomware evolution, per ESET Research.

  • Antivirus company ESET discovered PromptLock, the first known AI-powered ransomware using OpenAI's gpt-oss:20b model, reported on Tuesday.
  • PromptLock uses hardcoded text prompts to run gpt-oss:20b locally on infected Windows, Linux, and macOS devices, generating malicious Lua scripts to enumerate, exfiltrate, and encrypt files.
  • ESET noted PromptLock appears to be a proof-of-concept or work-in-progress as its file-destruction feature is not yet implemented, with no evidence of active widespread attacks.
  • ESET told PCMag that "The attack is highly viable," while researcher John Scott-Railton warned about early threat actors using local AI models in cyberattacks.
  • This finding signals emerging AI cyber threats, with OpenAI emphasizing ongoing efforts to improve model safety and limit malicious exploitation of open-source models.
Insights by Ground AI
Does this summary seem wrong?

24 Articles

Tech RadarTech Radar
Center

The first AI-powered ransomware has been spotted - and here's why we should all be worried

‘PromptLock’ may not be fully functional, but it could still cause problems.

·United Kingdom
Read Full Article
BleepingComputerBleepingComputer
Center

Experimental PromptLock ransomware uses AI to encrypt, steal data

Threat researchers discovered the first AI-powered ransomware, called PromptLock, that uses Lua scripts to steal and encrypt data on Windows, macOS, and Linux systems.

Read Full Article
BenzingaBenzinga
Center

ESET discovers PromptLock, the first AI-powered ransomware

ESET Research discovers PromptLock, a new type of ransomware using GenAI to execute attacks. The malware runs a locally accessible AI language model to generate malicious Lua scripts in real time, which are compatible across Windows, Linux, and macOS. PromptLock uses a freely available language model accessed via an API, meaning the generated malicious scripts are served directly to the infected device. Based on predefined text prompts, PromptLo…

·New York, United States
Read Full Article
20minutos20minutos
Center

Maximum Alert: Detect the First 'Ransomware' that Openai Ai Uses to Attack Windows, Linux and Macos

ESET security company researchers have just come up with what they call the first AI-driven ransomware, named PromptLock.

·Madrid, Spain
Read Full Article
The RegisterThe Register
Center

First AI-powered ransomware PoC spotted

: Oh, look, a use case for OpenAI's gpt-oss-20b model

Read Full Article
CyberScoopCyberScoop
Center

Researchers flag code that uses AI systems to carry out ransomware attacks

Researchers at cybersecurity firm ESET claim to have identified the first piece of AI-powered ransomware in the wild. The malware, called PromptLock, essentially functions as a hard-coded prompt injection attack on a large language model, causing the model to assist in carrying out a ransomware attack. Written in Golang programming code, the malware sends its requests through Ollama, an open-source API for interfacing with large language models,…

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 86% of the sources are Center
86% Center

Factuality 

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

PC Mag broke the news in United States on Tuesday, August 26, 2025.
Sources are mostly out of (0)

Similar News Topics

Windows icon

Windows

OpenAI icon

OpenAI

Artificial Intelligence icon

Artificial Intelligence

Linux icon

Linux

News
For You
SearchBlindspotLocal