ESET: AI-created ransomware and NFC attacks lead the surge in new cyberattacks - here's how you can stay safe this holidays

**ESET Uncovers PromptLock: The First AI-Driven Ransomware Generating Malicious Scripts in Real Time**

Researchers at ESET have identified PromptLock, the first known ransomware leveraging generative AI to dynamically create and execute malicious scripts. Unlike traditional ransomware, PromptLock uses an OpenAI model via the Ollama API to generate cross-platform Lua scripts on demand, enabling it to autonomously scan systems, exfiltrate data, encrypt files, or even destroy information based on AI-driven decisions.

The malware consists of two key components: a static module that communicates with an AI server and contains hardcoded prompts, and dynamically generated scripts that perform tasks like filesystem enumeration and data manipulation. While currently a proof-of-concept, its existence signals a major shift in cyber threats—lowering the barrier for attackers by replacing skilled developers with AI models capable of crafting adaptive malware.

ESET Senior Malware Researcher Anton Cherepanov warned that such tools could complicate detection and defense, as AI-generated threats evolve in real time. The discovery underscores the growing sophistication of AI-powered attacks, which previously focused on phishing and scams but now extend to full-fledged ransomware.
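The behavioral angle for defenders can be sketched as follows. This is an added example, not code from ESET or from the original article: it flags processes outside an allowlist that call an Ollama generation endpoint and escalates when the same process then touches a burst of files. The event schema, process names, allowlist and thresholds are assumptions made for illustration, as is the premise that the generated scripts run inside the calling process.

```python
import json
from collections import defaultdict

OLLAMA_PATHS = ("/api/generate", "/api/chat")  # Ollama REST endpoints
OLLAMA_PORT = 11434                            # Ollama's default listen port
ALLOWED_CLIENTS = {"ollama", "open-webui"}     # assumption: sanctioned LLM clients
WINDOW_S = 120   # seconds after an LLM call in which file activity is correlated
FILE_BURST = 5   # distinct files in the window that escalate the alert (demo value)

# Constructed telemetry in a hypothetical JSON-lines schema (not a real EDR format).
SAMPLE_EVENTS = """
{"ts": 100, "host": "ws1", "proc": "open-webui", "type": "http", "dport": 11434, "path": "/api/chat"}
{"ts": 110, "host": "ws1", "proc": "open-webui", "type": "file", "path": "/home/a/chat.db"}
{"ts": 200, "host": "ws2", "proc": "updater.bin", "type": "http", "dport": 11434, "path": "/api/generate"}
{"ts": 205, "host": "ws2", "proc": "updater.bin", "type": "file", "path": "/home/b/doc1.odt"}
{"ts": 210, "host": "ws2", "proc": "updater.bin", "type": "file", "path": "/home/b/doc2.odt"}
{"ts": 215, "host": "ws2", "proc": "updater.bin", "type": "file", "path": "/home/b/tax.pdf"}
{"ts": 220, "host": "ws2", "proc": "updater.bin", "type": "file", "path": "/home/b/keys.kdbx"}
{"ts": 225, "host": "ws2", "proc": "updater.bin", "type": "file", "path": "/home/b/photo.jpg"}
{"ts": 300, "host": "ws3", "proc": "notes-app", "type": "http", "dport": 11434, "path": "/api/generate"}
{"ts": 900, "host": "ws3", "proc": "notes-app", "type": "file", "path": "/home/c/todo.txt"}
"""

def is_ollama_call(ev):
    """True for an HTTP request to an Ollama text-generation endpoint."""
    return (ev["type"] == "http" and ev.get("dport") == OLLAMA_PORT
            and ev.get("path", "").startswith(OLLAMA_PATHS))

def detect(lines):
    """Return {(host, proc): severity} for unsanctioned Ollama API clients."""
    events = sorted((json.loads(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    last_call, touched, alerts = {}, defaultdict(set), {}
    for ev in events:
        key = (ev["host"], ev["proc"])
        if is_ollama_call(ev):
            if ev["proc"] not in ALLOWED_CLIENTS:
                last_call[key] = ev["ts"]
                alerts.setdefault(key, "medium")  # unexpected process using an LLM API
        elif ev["type"] == "file" and key in last_call:
            if ev["ts"] - last_call[key] <= WINDOW_S:
                touched[key].add(ev["path"])
                if len(touched[key]) >= FILE_BURST:
                    alerts[key] = "high"          # LLM call followed by a file burst
    return alerts

if __name__ == "__main__":
    for (host, proc), sev in detect(SAMPLE_EVENTS.splitlines()).items():
        print(f"{sev:6} {host} {proc}")
```

In production the burst threshold would be far higher and tuned per host role; the value here is small so the constructed sample exercises both severities.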

In parallel, ESET’s latest Threat Report highlights an 87% surge in NFC-based malware in the latter half of the year, with threats like NGate evolving to steal contacts and other sensitive data. The rise of both AI-driven ransomware and NFC attacks reflects an expanding threat landscape, where attackers exploit emerging technologies to bypass traditional defenses.

Source: https://www.techradar.com/pro/security/ai-created-ransomware-and-nfc-attacks-lead-the-surge-in-new-cyberattacks-heres-how-you-can-stay-safe

ESET cybersecurity rating report: https://www.rankiteo.com/company/eset

"id": "ESE1766606077",
"linkid": "eset",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'attack_vector': 'AI-generated malicious scripts via Ollama API (OpenAI '
                  'model)',
 'data_breach': {'data_encryption': True,
                 'data_exfiltration': True,
                 'type_of_data_compromised': 'Filesystem data (exfiltrated, '
                                             'encrypted, or destroyed)'},
 'description': 'ESET Research detailed PromptLock, the first known AI-driven '
                'ransomware capable of generating malicious scripts on the fly '
                'using an OpenAI model via the Ollama API. The ransomware '
                'scans systems, exfiltrates, encrypts, or destroys data based '
                'on AI decisions. It consists of a static main module and '
                'dynamically generated Lua scripts for filesystem enumeration, '
                'data exfiltration, and encryption. PromptLock is currently a '
                'proof-of-concept but signifies a shift in the cyberthreat '
                'landscape.',
 'impact': {'data_compromised': True,
            'operational_impact': 'Potential severe complication of detection '
                                  'and cybersecurity defense efforts'},
 'lessons_learned': 'The emergence of AI-driven ransomware like PromptLock '
                    'highlights a significant shift in the cyberthreat '
                    'landscape, making sophisticated attacks easier to launch '
                    'and harder to detect. Organizations must prioritize '
                    'fundamentals like updates, backups, and cautious handling '
                    'of files/tools.',
 'post_incident_analysis': {'corrective_actions': 'Enhanced detection '
                                                  'mechanisms, AI-driven '
                                                  'threat monitoring, and '
                                                  'proactive cybersecurity '
                                                  'measures',
                            'root_causes': 'AI-driven automation lowering the '
                                           'barrier for sophisticated '
                                           'ransomware development'},
 'ransomware': {'data_encryption': True,
                'data_exfiltration': True,
                'ransomware_strain': 'PromptLock'},
 'recommendations': ['Keep operating systems, browsers, and security tools '
                     'fully updated',
                     'Use reputable endpoint protection with behavioral '
                     'detection',
                     'Treat unexpected files, installers, and tools with '
                     'caution',
                     'Limit admin privileges to prevent easy '
                     'encryption/destruction of data',
                     'Maintain regular offline backups for ransomware '
                     'resilience',
                     'Educate employees on cybersecurity best practices'],
 'references': [{'source': "ESET Research's Threat Report"},
                {'source': 'TechRadar Pro'}],
 'response': {'enhanced_monitoring': 'Recommended: Enable behavioral detection '
                                     'in endpoint protection'},
 'title': 'ESET discovers PromptLock, first AI-driven ransomware generating '
          'malicious scripts dynamically',
 'type': 'Ransomware'}