First of a kind Ransomware with an AI Engine discovered by researchers

By Matthew Griffin Security and Privacy 15th September 2025

WHY THIS MATTERS IN BRIEF

Ransomware is already a scourge on businesses, but now it’s got a major AI upgrade to make it harder to spot and defeat.

Love the Exponential Future? Join our XPotential Community, future proof yourself with courses from XPotential University, read about exponential tech and trends, connect, watch a keynote, or browse my blog.

It was probably inevitable — analysts have spotted the first known ransomware strain powered by Artificial intelligence. ESET malware researchers Anton Cherepanov and Peter Strycek discovered the emerging strain, which they have named “PromptLock.” Although it has not yet been observed in active cyberattacks, the researchers said the PromptLock ransomware appears to be under development and nearly ready to be unleashed onto the threat landscape.

CEO of the world's largest ad firm targeted by Deepfake scam

While threat actors have used Generative AI tools to develop malware, PromptLock appears to be the first case of ransomware that uses an AI model as its engine. In a post on LinkedIn, Cherepanov reported that PromptLock leverages the gpt-oss:20b model from OpenAI locally using the Ollama API to be able to create new scripts on the fly and in real time.

In the LinkedIn post, Cherepanov said the ransomware script is currently able to exfiltrate files and encrypt data, and it’s in the process of being upgraded to destroy files.

The Future of Cyber Threats and Defense, by Keynote Matthew Griffin

“While multiple indicators suggest that the sample is a proof-of-concept (PoC) or a work-in-progress rather than an operational threat in the wild, we believe it is crucial to raise awareness within the cybersecurity community about such emerging risks,” he added.

In a statement the ESET researchers explained how the AI-driven ransomware could pose problems for defenders, “PromptLock uses Lua scripts generated by AI, which means that indicators of compromise (IoCs) may vary between executions,” the statement said. “This variability introduces challenges for detection. If properly implemented, such an approach could significantly complicate threat identification and make defenders’ tasks more difficult.”

Is this the first recorded incident of Robo-Suicide?

Cherepanov and Strycek will continue to dig in on PromptLock but wanted to alert cyber defenders quickly to the threat. In fact, Cherepanov said they shared their findings on social media just 18 hours after samples of the ransomware strain were picked up on VirusTotal.

“We don’t know who created the malware, but we do know that it was uploaded to VirusTotal from the United States,” the ESET researchers said in a statement.

In a series of posts on social media platform X, ESET noted that PromptLock is written in the Go programming language and that variants for Windows and Linux systems were both uploaded to VirusTotal. Additionally, ESET noted that the ransomware’s Bitcoin address for payments appears to belong to the mysterious Bitcoin creator Satoshi Nakamoto.

Ethereum falls after rumours of new powerful ASIC emerge

AI tools are currently being widely used by threat actors to create compelling phishing content and malicious sites, but applying the technology to power bespoke ransomware in real time presents an entirely new challenge for defenders.

“The rise of AI-powered malware represents a new frontier in cybersecurity,” Cherepanov said. “By sharing these findings, we hope to spark discussion, preparedness, and further research across the industry.”

Matthew Griffin / About Author

Described by NASA as a "Walking Encyclopaedia of the Future" and one of the world’s most in demand keynote speakers Matthew Griffin, Founder and Futurist in Chief of the 311 Institute, a global Futures and Deep Futures advisory firm, is a multi-award winning Futurist and strategic foresight expert, author, lecturer, mentor, podcast and YouTube host.

With a distinguished career running global business units at Atos, EMC, and IBM today Matthew helps leaders and titans of industry from all over the world explore the impact of the inter sections of technology, culture, and leadership, then helps them create high performance organisations that can continuously disrupt, outpace, and outthink their competition.

15 times author of the hit series the Codex of the Future series Matthew's ability to identify, track, and explain the impacts of hundreds of emerging technologies and trends on global business, culture, and society has earned him a powerful reputation and a roster of clients that include royal households, world leaders across the G7, G20, and G77, and many of the world's most recognised and exceptional organisations including ABB, Accenture, ABN Amro, Adidas, AON, ARM, BCG, Centrica, Citi Group, Coca Cola, Deloitte, Dentons, Disney, Dow, EY, Google, KPMG, Lego, Microsoft, Legal & General, LinkedIn, Nokia, Paramount, PepsiCo, PWC, Qualcomm, RWE, Samsung, T-Mobile, UBS, Visa, WIRED, WPP and hundreds of others.

Matthew is regularly featured in the global media including the AP, BBC, Bloomberg, CNBC, Discovery, Forbes, Khaleej Times, Telegraph, TIME, ViacomCBS, WIRED, and the WSJ, and his mission is to help organisations create a fair and sustainable future whose benefits are shared by everyone irrespective of their ability, background, or circumstances.