First AI-Powered Ransomware Discovered – PromptLock


What Is PromptLock?

PromptLock is the first known ransomware written with the help of artificial intelligence. Unlike traditional ransomware, coded entirely by humans, PromptLock uses AI models to generate parts of its malicious scripts, making it unpredictable and harder to detect. Currently, it’s considered a work-in-progress rather than an active threat — but it’s a major warning sign for the future of cybercrime.

Who Discovered PromptLock?

PromptLock was identified by ESET researcher Anton Cherepanov while monitoring malware samples uploaded to VirusTotal. By carefully analyzing the code, researchers discovered embedded AI prompts that revealed the malware had been partially generated by the gpt-oss:20b model.

How Does PromptLock Work?

The ransomware contains prompts that it sends to the AI model to generate Lua scripts. These scripts can vary each time the malware is executed, giving it non-deterministic behavior. In its current form, PromptLock is designed to:

  • Exfiltrate files from a victim’s system
  • Encrypt data using the SPECK 128-bit encryption algorithm
  • Potentially disrupt or destroy certain files depending on execution

This ability to evolve dynamically makes it different from fixed, human-coded ransomware.
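
Because the prompts and the model name are embedded in the binary, a defender can triage a suspicious file for both artifacts without running it. The Python below is an added example, not ESET's tooling and not code from PromptLock; the regular expressions, verdict labels and sample byte strings are constructed assumptions.

```python
import re

# Printable ASCII runs, like the `strings` utility (minimum length 6).
PRINTABLE = re.compile(rb"[\x20-\x7e]{6,}")
# Local-model tag in "name:<size>b" form, such as the gpt-oss:20b tag the article names.
MODEL_TAG = re.compile(rb"\b[a-z][a-z0-9.\-]{2,}:\d+(?:\.\d+)?b\b")
# Instruction-style wording asking a model for code (assumed heuristic, tune per corpus).
PROMPT_HINT = re.compile(
    rb"(?i)\b(you are|generate|write|respond only|output only)\b.{0,80}\b(lua|script|code)\b"
)


def triage(blob: bytes) -> dict:
    """Collect embedded model tags and prompt-like strings from a binary."""
    found = {"model_tags": [], "prompts": []}
    for s in PRINTABLE.findall(blob):
        for tag in MODEL_TAG.findall(s):
            if tag.decode() not in found["model_tags"]:
                found["model_tags"].append(tag.decode())
        if PROMPT_HINT.search(s):
            found["prompts"].append(s.decode())
    return found


def verdict(blob: bytes) -> str:
    f = triage(blob)
    # Require both signals: a model tag alone also appears in legitimate AI tooling.
    if f["model_tags"] and f["prompts"]:
        return "embedded-llm-prompt"
    return "no-indicator"


# Constructed sample data (not from any real sample); the prompt text is invented and benign.
SUSPECT = (
    b"\x7fELF\x02\x01\x00" + b"\x00" * 8 + b"gpt-oss:20b\x00\x01\x02"
    + b"You are a Lua code generator. Generate a Lua script that prints the date.\x00"
)
BENIGN = (
    b"MZ\x90\x00Usage: backup-tool [options] <file>\x00"
    b"error: script not found\x00http://localhost:8080\x00"
)

if __name__ == "__main__":
    for name, blob in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, verdict(blob), triage(blob))
```

A hit is a reason to escalate the file for analysis, not a conviction: the check is static, so prompts that are packed or assembled at run time will not appear in the extracted strings.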

What Can PromptLock Do Right Now?

At the moment, PromptLock is not a highly advanced threat: the current implementation lacks the sophistication of established ransomware families. Still, the fact that it can exfiltrate and encrypt files shows it could cause real harm if developed further.

Why Is AI-Powered Ransomware More Dangerous Than Traditional Ransomware?

Traditional ransomware follows static coding patterns, making it easier for security tools to detect. AI ransomware like PromptLock, however, introduces:

  • Unpredictable behavior – Scripts vary with every run.
  • Rapid adaptability – Can evolve without much human coding effort.
  • Harder detection – AI-generated code may not match known malware signatures.

This flexibility could allow cybercriminals to stay one step ahead of defenses.

Is PromptLock an Active Threat Today?

No — PromptLock is still in its early stages and has not been detected in widespread attacks. However, its discovery signals that cybercriminals may soon experiment more with AI-driven malware.

What Could the Future of AI Ransomware Look Like?

As AI technology advances, ransomware could become:

  • Faster at spreading across networks
  • More effective at finding valuable targets
  • Harder to block with traditional antivirus tools
  • Capable of launching personalized attacks against individuals or organizations

Future strains may even bypass basic defenses automatically, making them extremely dangerous.

How Can Individuals and Businesses Protect Themselves?

The emergence of AI ransomware highlights the need for proactive cybersecurity. Here are key steps:

  • Regular backups of important files, stored offline
  • Multi-layered security including next-gen antivirus and endpoint detection
  • Zero-trust architecture to minimize exposure
  • Employee training to prevent phishing-based entry points
  • AI-driven defense tools to counter evolving threats

Will AI Change the Entire Ransomware Landscape?

Yes. AI introduces automation, unpredictability, and speed that human attackers cannot match on their own. While defenders will also use AI, the discovery of PromptLock is a reminder that cybercrime is entering a new era.

Looking Ahead: AI and Ransomware Evolution

PromptLock is not yet a widespread threat, but its existence is a wake-up call. It demonstrates how AI can be weaponized for malicious purposes. The security industry, businesses, and individuals must prepare now — because ransomware will only become smarter and more dangerous.

Frequently Asked Questions (FAQ)

1. Is PromptLock ransomware spreading right now?

No, PromptLock is still in a research stage and not currently spreading in the wild.

2. Who discovered PromptLock?

It was discovered by Anton Cherepanov, a researcher at ESET.

3. How is AI used in PromptLock?

The ransomware uses AI prompts to generate dynamic Lua scripts that perform malicious functions.

4. Why is AI ransomware dangerous?

Because it can adapt, change behavior, and avoid detection more effectively than static, human-coded malware.

5. Can antivirus software stop AI ransomware?

Yes, robust solutions can still detect the executables behind the scripts, though detection may be harder than with traditional ransomware.

6. What should I do to stay safe?

Maintain backups, use advanced security tools, and practice good cyber hygiene to reduce risks.
