First AI-Powered Ransomware Created Using OpenAI's gpt-oss:20b Model

September 3, 2025

A novel ransomware prototype called PromptLock, first reported publicly in late August 2025, can be described as the first known AI-powered ransomware, although the strain is a proof-of-concept rather than a widespread, active campaign.

PromptLock is written in Go and leverages a locally accessible LLM — OpenAI’s gpt-oss:20b — via the Ollama API to generate malicious Lua scripts on the fly; those scripts perform filesystem enumeration, selective file inspection, data exfiltration and file encryption, and are cross-platform (Windows, Linux, macOS). The sample embeds hard-coded prompts so the LLM synthesizes behavior at runtime, and the PoC uses SPECK 128-bit encryption and even assembles contextual ransom notes based on files found.

The security implications are significant: because the malicious logic is synthesized dynamically, Indicators of Compromise (IoCs) can vary between executions, making heuristic and signature detection much harder and increasing attacker agility; this lowers the technical barrier for would-be criminals and amplifies risks from prompt injection and other model-routing/jailbreak techniques.
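Because the generated scripts change between runs, one behavior that can still be hunted is which binaries talk to a local LLM API at all. The sketch below is an added example, not code from the article or from the PromptLock sample: it flags processes outside an allowlist that call Ollama inference endpoints. The port and endpoint paths are Ollama defaults; the event schema, host names, binary paths and allowlist are hypothetical, and the log lines are constructed.

```python
import json

# Assumptions (not from the article): Ollama's default listener port and its
# generate/chat endpoints; the event schema and the allowlist are hypothetical.
OLLAMA_PORT = 11434
OLLAMA_PATHS = ("/api/generate", "/api/chat")
APPROVED_CLIENTS = {"/usr/local/bin/ollama", "/opt/ide/assistant"}

# Constructed sample telemetry (one JSON event per line), not real logs.
SAMPLE_EVENTS = """\
{"ts":"2025-09-03T10:00:01Z","host":"ws-17","image":"/usr/local/bin/ollama","dport":11434,"http_path":"/api/generate","model":"gpt-oss:20b"}
{"ts":"2025-09-03T10:02:44Z","host":"ws-17","image":"/tmp/updater","dport":11434,"http_path":"/api/generate","model":"gpt-oss:20b"}
{"ts":"2025-09-03T10:02:45Z","host":"ws-17","image":"/tmp/updater","dport":11434,"http_path":"/api/generate","model":"gpt-oss:20b"}
{"ts":"2025-09-03T10:05:10Z","host":"ws-22","image":"/usr/bin/curl","dport":443,"http_path":"/api/chat","model":null}
not-json garbage line
"""

def is_llm_api_call(event):
    """True when the event is an HTTP request to an Ollama inference endpoint."""
    return (event.get("dport") == OLLAMA_PORT
            and str(event.get("http_path", "")).startswith(OLLAMA_PATHS))

def find_unapproved_llm_clients(lines, approved=APPROVED_CLIENTS):
    """Group LLM API calls by (host, image) for binaries not on the allowlist."""
    findings = {}
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed telemetry rather than abort the hunt
        if not isinstance(event, dict) or not is_llm_api_call(event):
            continue
        image = event.get("image")
        if image in approved:
            continue
        hit = findings.setdefault(
            (event.get("host"), image),
            {"count": 0, "models": set(), "first_seen": event.get("ts")})
        hit["count"] += 1
        hit["models"].add(event.get("model"))
    return findings

if __name__ == "__main__":
    hits = find_unapproved_llm_clients(SAMPLE_EVENTS.splitlines())
    for (host, image), hit in hits.items():
        print(host, image, hit["count"], sorted(hit["models"]), hit["first_seen"])
```
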
