PromptLock: The First AI-Powered Ransomware Prototype

Summary Of The Attack

  • PromptLock Unveiled: ESET revealed PromptLock in August 2025, the first AI-powered ransomware prototype using LLMs, targeting multiple operating systems with adaptive, polymorphic attacks.
  • How It Works: Uses gpt-oss:20b via Ollama API to create dynamic scripts, select sensitive files, encrypt with SPECK, and generate custom ransom notes.
  • Business Impact: Increases risks for regulated firms by targeting sensitive data, evading controls, and exploiting open-source libraries, signaling AI-driven cyber threats.
  • Defense Actions: Audit AI tools, use behavioral monitoring, secure backups, and segment networks; enhance with endpoint protection, prompt policies, and training; adopt AI defenses and supply chain audits long-term.
  • Expert Guidance: Tom Vazdar warns of prompt injection risks; PurpleSec provides AI-aware detection, rapid response, vCISO assessments, and incident planning.

Detect, Block, And Log Risky AI Prompts

PromptShield™ is the first AI-powered firewall and defense platform that protects enterprises against the most critical AI prompt risks.

AI-Powered Ransomware Emerges: What Business Leaders Need To Know About PromptLock

On August 25-27, 2025, ESET researchers publicly disclosed PromptLock, the first documented AI-powered ransomware prototype.

While this represents proof-of-concept technology rather than an active threat with confirmed victims, it signals a significant evolution in how cybercriminals may weaponize artificial intelligence.

For small businesses and enterprises, understanding PromptLock’s capabilities provides critical insight into preparing defensive strategies before these threats become widespread.

"With AI, you get faster, more sophisticated attacks. We're talking about adaptive malware that actively discovers vulnerabilities and adapts on the fly. This is worse than zero-day attacks."

Technical Profile: How PromptLock Operates

PromptLock represents a new class of threats that leverages Large Language Models (LLMs – sophisticated AI systems trained on vast amounts of text) to automate attack phases traditionally requiring manual intervention. The malware demonstrates several concerning capabilities:

Core Components

  • AI Integration: Uses the gpt-oss:20b model locally via Ollama API to generate attack scripts dynamically
  • Cross-Platform Compatibility: Targets Windows, Linux, and macOS systems using Golang programming
  • Polymorphic Behavior: Creates unique attack variations for each execution, making traditional signature-based detection ineffective
  • Autonomous Decision-Making: Determines which files to enumerate, exfiltrate, or encrypt based on content analysis

Attack Sequence

  1. Reconnaissance: AI-generated scripts scan file systems and identify valuable data
  2. Data Evaluation: Analyzes files to determine sensitive information content
  3. Selective Exfiltration: Copies high-value files before encryption
  4. Encryption: Encrypts files using the SPECK 128-bit cipher
  5. Ransom Generation: Creates customized ransom notes based on victim’s data profile

"Static, rule-based defenses like firewalls struggle against AI-powered malware. These attacks evolve in real time, bypassing guardrails dynamically."

Business Impact Assessment

Immediate Risk Factors

| Risk Category | Impact for SMBs | Mitigation Priority |
|---|---|---|
| Detection Evasion | Traditional antivirus may fail due to polymorphic scripts. | High – Upgrade to behavioral detection. |
| Attack Scalability | Lower technical barriers enable more threat actors. | Medium – Monitor threat landscape. |
| Cross-Platform Exposure | Mixed IT environments face broader attack surface. | High – Implement unified security. |
| Operational Disruption | Faster encryption could shorten the time available to respond. | Critical – Enhance backup systems. |

Regulatory Considerations

Organizations subject to GDPR, HIPAA, or sector-specific regulations face heightened exposure when AI-powered threats can:

  • Identify and prioritize sensitive data automatically.
  • Adapt to bypass compliance-focused security controls.
  • Generate evidence destruction capabilities.

"SMEs often adopt open-source libraries blindly, without auditing. A malicious actor can slip in modified code. This blind spot makes organizations even more vulnerable when AI-driven malware exploits those dependencies."

Strategic Recommendations For Defense

Phase 1: Immediate Actions (0-30 days)

  • Audit AI Tool Usage: Document any locally hosted AI models or API access points.
  • Implement Behavioral Monitoring: Deploy tools that detect unusual file enumeration and script generation.
  • Strengthen Backup Protocols: Ensure immutable backups with tested restoration procedures.
  • Review Network Segmentation: Limit lateral movement potential through proper access controls.
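
One way to carry out the AI tool audit from the first item above, as an added example (not code from this article, ESET, or PurpleSec). It assumes each host supplies `ss -ltn` output and the JSON returned by Ollama's `/api/tags` endpoint; the approved-model register, host name, and sample data are constructed for illustration.

```python
import json

OLLAMA_PORT = "11434"                  # Ollama's default API port
APPROVED_MODELS = {"llama3.1:8b"}      # assumed: models recorded in the AI tool register
LOOPBACK = {"127.0.0.1", "[::1]"}

# Constructed sample: `ss -ltn` output and an Ollama /api/tags response from one host.
SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      4096               *:11434           *:*
"""
TAGS_JSON = json.dumps({"models": [
    {"name": "llama3.1:8b", "size": 4920000000, "modified_at": "2025-06-01T10:00:00Z"},
    {"name": "gpt-oss:20b", "size": 13780000000, "modified_at": "2025-08-20T02:14:00Z"},
]})

def api_listeners(ss_text):
    """Return the bind addresses of sockets listening on the Ollama port."""
    binds = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "LISTEN":
            addr, _, port = fields[3].rpartition(":")
            if port == OLLAMA_PORT:
                binds.append(addr)
    return binds

def audit_host(host, ss_text, tags_json):
    """Build one audit record: where the API listens and which models are unregistered."""
    binds = api_listeners(ss_text)
    models = [m["name"] for m in json.loads(tags_json).get("models", [])]
    return {
        "host": host,
        "api_present": bool(binds),
        "exposed_beyond_loopback": [b for b in binds if b not in LOOPBACK],
        "models": models,
        "unregistered_models": sorted(set(models) - APPROVED_MODELS),
    }

if __name__ == "__main__":
    print(json.dumps(audit_host("ws-01", SS_OUTPUT, TAGS_JSON), indent=2))
```
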

SMB teams can start with 10 Ways To Protect Your Small Business From Ransomware.

Phase 2: Enhanced Protection (30-90 days)

  • Deploy Advanced Endpoint Protection: Move beyond signature-based tools to behavior-aware solutions. For a deeper primer on AI detection benefits and use cases, read AI in Cybersecurity: Defending Against the Latest Threats.
  • Establish Prompt Security Policies: If using AI tools internally, implement input sanitization and access controls.
  • Conduct Threat Simulation: Include AI-powered scenarios in tabletop exercises.
  • Staff Training: Educate teams on emerging AI threats and social engineering tactics.

Phase 3: Long-term Resilience (90+ days)

  • AI-Powered Defense Integration: Consider security solutions that leverage AI to counter AI threats.
  • Supply Chain Security: Audit third-party dependencies and open-source components.
  • Continuous Monitoring: Implement 24/7 monitoring for anomalous AI model usage or API calls.
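
A sketch of the monitoring described above, as an added example (not code from this article, ESET, or PurpleSec): it correlates an unapproved process calling the local Ollama API with a burst of file opens by the same process, which is the behavior the Technical Profile attributes to PromptLock. The event schema, allowlist, thresholds, and sample telemetry are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

OLLAMA_PORT = 11434        # Ollama's default API port
APPROVED_CLIENTS = {"/opt/ide/assistant"}  # assumed allowlist of sanctioned LLM clients
WINDOW_S = 120             # assumed correlation window after the API call, in seconds
ENUM_THRESHOLD = 5         # assumed: distinct files opened that counts as enumeration

def _ev(ts, pid, image, typ, **kw):
    """Build one constructed event in a hypothetical EDR JSON-lines schema."""
    return json.dumps({"ts": ts, "host": "ws-01", "pid": pid, "image": image, "type": typ, **kw})

# Constructed sample telemetry: an approved client, an unknown binary, a late reader.
SAMPLE = (
    [_ev(100, 41, "/opt/ide/assistant", "net_connect", dst_port=11434)]
    + [_ev(101 + i, 41, "/opt/ide/assistant", "file_open", path=f"/home/a/src/{i}.py") for i in range(6)]
    + [_ev(200, 77, "/tmp/updater", "net_connect", dst_port=11434)]
    + [_ev(205 + i, 77, "/tmp/updater", "file_open", path=f"/home/a/docs/{i}.docx") for i in range(6)]
    + [_ev(300, 90, "/usr/bin/curl", "net_connect", dst_port=11434)]
    + [_ev(800 + i, 90, "/usr/bin/curl", "file_open", path=f"/etc/conf{i}") for i in range(6)]
)

def detect(lines):
    """Alert when an unapproved process calls the LLM API and then enumerates files."""
    llm_call = {}                 # (host, pid) -> (ts, image) of first unapproved API call
    opened = defaultdict(set)     # (host, pid) -> distinct paths opened inside the window
    fired, alerts = set(), []
    events = sorted((json.loads(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    for ev in events:
        key = (ev["host"], ev["pid"])
        if ev["type"] == "net_connect" and ev.get("dst_port") == OLLAMA_PORT:
            if ev["image"] not in APPROVED_CLIENTS:
                llm_call.setdefault(key, (ev["ts"], ev["image"]))
        elif ev["type"] == "file_open" and key in llm_call:
            start, image = llm_call[key]
            if ev["ts"] - start <= WINDOW_S:
                opened[key].add(ev["path"])
            if len(opened[key]) >= ENUM_THRESHOLD and key not in fired:
                fired.add(key)
                alerts.append({"host": key[0], "pid": key[1], "image": image,
                               "files_in_window": len(opened[key])})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Because the rule keys on behavior rather than script content, it does not depend on the generated scripts looking the same from one execution to the next.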

"Attack timelines are now measured in hours, not months. If you don't have AI-powered defense systems in place, you're already behind."

Expert Perspective: The Road Ahead

The discovery of PromptLock, confirmed by NYU researchers as an academic prototype called “Ransomware 3.0”, validates cybersecurity experts’ warnings about AI weaponization.

This proof-of-concept demonstrates that locally hosted AI models can be turned against their intended purpose through prompt injection techniques.

For business leaders, the key insight isn’t about PromptLock specifically—it’s about the rapid progression toward AI-versus-AI warfare in cybersecurity.

To understand the defender–attacker agent dynamic, see AI vs AI: The Biggest Threat To Cybersecurity.

Organizations that delay implementing AI-aware defenses risk facing increasingly sophisticated automated attacks.

"We're heading toward AI-versus-AI warfare—autonomous malware agents and orchestrated campaigns, like drone swarms, attacking at scale. Criminals won't even need technical skills; they'll rent AI-driven attack kits."

Next Steps: Partner With PurpleSec

PurpleSec’s Department of Defense-trained experts help small businesses and startups prepare for emerging threats like AI-powered ransomware.

Our affordable, veteran-owned cybersecurity solutions provide:

  • AI-Aware Threat Detection: Behavioral analysis systems that identify polymorphic malware.
  • Rapid Response Capabilities: Under-10-minute deployment for immediate protection.
  • Strategic Risk Assessment: vCISO services to evaluate your AI threat exposure.
  • Incident Response Planning: Tailored procedures for non-deterministic attack scenarios.

If you need a structured evaluation, our AI Security Consulting Services can assess your LLM exposure and controls.

Ready to strengthen your defenses? Contact PurpleSec today for a complimentary AI security assessment and discover how we can help your organization stay ahead of evolving threats.

"A dangerous misconception is believing you're safe because nothing has happened yet. Secrets like API keys are prime targets. Without rotation and strict management, they become low-hanging fruit for attackers."

Article by

Jason Firch, MBA
Jason is a proven marketing leader, veteran IT operations manager, and cybersecurity expert with over a decade of experience. He is the founder and President of PurpleSec.
