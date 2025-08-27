Artificial intelligence was observed to have been used to underpin ransomware for the first time with the new PromptLock payload, according to The Register.
OpenAI's recently introduced gpt-oss-20b model has been leveraged by PrompLock to generate illicit Lua scripts for local file system enumeration, file inspections, and data exfiltration, a report from ESET showed. Moreover, SPECK 128-bit encryption has been used by the Go-based PromptLock for encrypting compromised data. While Windows and Linux variants of PromptLock have already been added to VirusTotal, the ransomware payload was noted to still lack the ability to destroy files. "Although multiple indicators suggest the sample is a proof-of-concept (PoC) or work-in-progress rather than fully operational malware deployed in the wild, we believe it is our responsibility to inform the cybersecurity community about such developments," said ESET researchers, who noted the findings to indicate the growing use of AI to facilitate cybercriminal activity.
OpenAI's recently introduced gpt-oss-20b model has been leveraged by PrompLock to generate illicit Lua scripts for local file system enumeration, file inspections, and data exfiltration, a report from ESET showed. Moreover, SPECK 128-bit encryption has been used by the Go-based PromptLock for encrypting compromised data. While Windows and Linux variants of PromptLock have already been added to VirusTotal, the ransomware payload was noted to still lack the ability to destroy files. "Although multiple indicators suggest the sample is a proof-of-concept (PoC) or work-in-progress rather than fully operational malware deployed in the wild, we believe it is our responsibility to inform the cybersecurity community about such developments," said ESET researchers, who noted the findings to indicate the growing use of AI to facilitate cybercriminal activity.