PromptLock: ESET Uncovers First Known AI-Powered Ransomware

ESET researchers published on 27 August 2025 that they have discovered PromptLock, the world’s first known AI-powered ransomware, which generates malicious Lua scripts via locally hosted gpt-oss:20b model through the Ollama API, to exfiltrate and encrypt data-signaling a watershed moment in cyber threat landscape. This breakthrough underscores the urgent need for defenders to reassess conventional security paradigms.

• On 27 August 2025, ESET Research announced the discovery of PromptLock, which they describe as the first known AI-powered ransomware, utilizing a locally hosted gpt-oss:20b model via the Ollama API to dynamically generate malicious Lua scripts on the victim’s system.
• PromptLock-written in Golang-is designed to operate on Windows, Linux, and macOS, leveraging Lua for cross-platform capabilities.
• The generated Lua scripts allow the malware to enumerate the local filesystem, inspect target files, exfiltrate selected data, and perform encryption; a destructive (data-destroying) function is present in the code but remains inactive-not yet confirmed implemented.
• Encryption is performed using the SPECK 128-bit algorithm; early variants have been uploaded to VirusTotal.
• ESET classifies the malware as Filecoder.PromptLock.A and considers it a proof-of-concept (PoC)-not observed in real-world attacks.
• A published press release (via GlobeNewswire) quote from senior researcher Anton Cherepanov noted: “With the help of AI, launching sophisticated attacks has become dramatically easier – eliminating the need for teams of skilled developers. A well-configured AI model is now enough to create complex, self-adapting malware.”.

Detection Challenges & Broader Context

• The unpredictability (“vibe coding”) of AI-generated scripts introduces significant detection challenges; each execution may vary, thwarting signature-based tools.
• Wired reports that while PromptLock remains theoretical, concurrent findings from Anthropic reveal cybercriminal groups using AI-Claude and Claude Code-to develop, market, and deploy ransomware automatically, affecting dozens of organizations.
• These developments highlight a broader shift: generative AI’s integration into ransomware toolkits, lowering the bar for attackers and accelerating threat innovation globally.

MEA Perspective

While no specific instances of PromptLock have been detected in the Middle East or Africa, the region’s digital transformation and rising cyber threat exposure-critical infrastructure, oil and energy, finance-make it a potential target for AI-powered malware. Regulators in the Gulf and Africa may need to evaluate this emerging class of threat in ongoing cybersecurity frameworks and incident response protocols.

Expert Voices

• Anton Cherepanov (ESET): “With the help of AI, launching sophisticated attacks has become dramatically easier…”.
• John Scott-Railton (Citizen Lab), commenting via ITPro: “We are in the earliest days of regular threat actors leveraging local/private AI. And we are unprepared.”.

Actionable Takeaways for Defenders & Executives

1. Update detection strategies to account for non-deterministic malware behavior; focus on behavioral analysis, not static signatures.
2. Monitor for local large-language model usage, especially on critical servers—look for unusual computational loads or AI model files.
3. Strengthen EDR/XDR platforms to flag dynamic script generation patterns, especially via Lua.
4. Segment AI compute infrastructure and enforce strict access controls to prevent misuse for malware generation.
5. Increase analyst awareness and training on AI-assisted threats and their detection.
6. Collaborate regionally, especially in MEA, to share intelligence and proactive alerts about AI-powered malware.
7. Integrate sandboxing for Lua-based execution flows, ensuring generated scripts can’t execute unchecked in production.
8. Engage with AI platform providers to establish safeguards against malware generation via local or cloud models.
9. Include AI-driven threat scenarios in tabletop exercises, testing readiness for such novel attack vectors.

Conclusion

ESET’s discovery of PromptLock on 27 August 2025 marks a pivotal moment: AI-generated ransomware is no longer hypothetical. Although currently a proof-of-concept, its capabilities to exfiltrate and encrypt via dynamic scripting raise the bar for defensive complexity. As threat actors increasingly embrace generative tools, global cybersecurity posture must evolve quickly-prioritizing behavioral detection, cross-regional collaboration, and proactive resilience to stay ahead.

Sources

• ESET press release via GlobeNewswire (27 August 2025) (markets.businessinsider.com)
• WeLiveSecurity blog on PromptLock (26 August 2025) (We Live Security)
• Tom’s Hardware coverage (26 August 2025) (Tom’s Hardware)
• ITPro analysis (27 August 2025) (IT Pro)
• Wired article on AI-generated ransomware trends (27 August 2025) (WIRED)