Researchers discover first AI-powered ransomware

Cybersecurity firm ESET has uncovered what is believed to be the first known instance of artificial intelligence-powered ransomware. Named ‘PromptLock’, the malware uniquely leverages OpenAI’s gpt-oss:20b model through the local Ollama API to generate and execute malicious Lua scripts in real time.

In a series of tweets, ESET explained that PromptLock dynamically crafts its attack logic using hard-coded prompts fed into the AI model. The prompts instruct the model to create Lua scripts that scan the local file system, analyze files, and decide whether to exfiltrate, encrypt, or, in future iterations, potentially destroy data. Notably, the destruction capability is referenced in the code but appears unimplemented, suggesting the malware may still be at a proof-of-concept (PoC) stage.

The generated Lua scripts are cross-platform, capable of executing on Windows, Linux, and macOS systems. For file encryption, PromptLock uses the SPECK 128-bit encryption algorithm, a lightweight cipher originally developed by the NSA.

ESET researchers report that PromptLock is written in Golang, and samples targeting both Windows and Linux environments have already been identified on VirusTotal. The current form of the ransomware lacks the full functionality typically seen in mature threat campaigns, reinforcing the belief that PromptLock is a work-in-progress rather than an active threat circulating in the wild.
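Because PromptLock, as ESET describes it, obtains its payload logic by calling a locally running model through the Ollama API, unexpected local callers of that API are a telemetry signal defenders can act on. The script below is an added example and is not ESET's code or anything taken from the PromptLock samples: it flags inference requests to a local Ollama endpoint that come from processes outside an allowlist. It assumes Ollama's documented default of listening on port 11434 and serving text generation on `/api/generate` and `/api/chat`; the EDR-style event records are constructed for the example.

```python
"""Defender-side example: flag processes talking to a local Ollama API
that are not expected LLM clients.

The NetEvent records are a constructed, EDR-style network event format
made up for this example. The Ollama port and paths are the tool's
documented defaults (an assumption about the deployment, not something
taken from the ESET write-up).
"""
from dataclasses import dataclass
from typing import Iterable, List

OLLAMA_PORT = 11434                                # Ollama default (assumption)
OLLAMA_LLM_PATHS = ("/api/generate", "/api/chat")  # text-generation endpoints
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


@dataclass(frozen=True)
class NetEvent:
    process: str      # image name of the connecting process, as the EDR reports it
    dest_host: str
    dest_port: int
    http_path: str
    model: str        # model named in the request body, "" if none


def is_ollama_inference_call(ev: NetEvent) -> bool:
    """True when the event is a text-generation request to the local Ollama API.

    Model listing (/api/tags) and similar housekeeping calls are ignored;
    only the endpoints that return generated text count.
    """
    return (ev.dest_host in LOOPBACK
            and ev.dest_port == OLLAMA_PORT
            and any(ev.http_path.startswith(p) for p in OLLAMA_LLM_PATHS))


def flag_unexpected_llm_clients(events: Iterable[NetEvent],
                                allowed: Iterable[str]) -> List[NetEvent]:
    """Return inference calls made by a process that is not on the allowlist.

    Process names are compared case-insensitively. Windows image names keep
    their extension, so the allowlist should contain exactly what the
    endpoint agent reports.
    """
    allowed_lc = {p.lower() for p in allowed}
    return [ev for ev in events
            if is_ollama_inference_call(ev) and ev.process.lower() not in allowed_lc]


# Constructed sample telemetry; none of this is real PromptLock data.
SAMPLE_EVENTS = [
    NetEvent("open-webui", "127.0.0.1", 11434, "/api/chat", "llama3"),
    NetEvent("build-helper.exe", "127.0.0.1", 11434, "/api/generate", "gpt-oss:20b"),
    NetEvent("updater", "::1", 11434, "/api/generate", "gpt-oss:20b"),
    NetEvent("curl", "127.0.0.1", 11434, "/api/tags", ""),    # model listing, not inference
    NetEvent("firefox", "203.0.113.7", 443, "/", ""),          # unrelated outbound traffic
]

# Clients an organisation expects to drive the local model (constructed list).
ALLOWED_CLIENTS = ["open-webui", "ollama", "code"]


if __name__ == "__main__":
    for ev in flag_unexpected_llm_clients(SAMPLE_EVENTS, ALLOWED_CLIENTS):
        print(f"ALERT unexpected local LLM client: {ev.process} -> "
              f"{ev.http_path} model={ev.model}")
```

Two caveats when adapting this: Ollama can be bound to a different address and port through its `OLLAMA_HOST` setting, so the constants must match the actual deployment, and the model name is not a reliable indicator on its own, since legitimate tools can use `gpt-oss:20b` too; the allowlist of calling processes is the stronger signal, and alerts should be paired with a look at what the flagged process did next (for example, whether it wrote and executed a script).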
