PromptLock ransomware signals a major change in cybercrime. Security researchers found it to be the first ransomware powered by artificial intelligence. Unlike traditional malware, PromptLock uses a local AI model and dynamic scripting to steal and encrypt data across multiple platforms.

How PromptLock Works

The ransomware operates with an AI language model running locally. Instead of a fixed payload, it generates Lua scripts that adapt each time. These scripts manage tasks such as locating files, exfiltrating data, and launching encryption. By changing behavior with every execution, PromptLock avoids many common detection methods.

The malware is written in Go and relies on a lightweight encryption algorithm called SPECK 128-bit. While this cipher is unusual for ransomware, it works efficiently in the targeted environment. Researchers also noted unused code suggesting plans for data destruction, although this feature is not active.

Why PromptLock Matters

PromptLock ransomware shows how attackers can use AI to create unpredictable and evasive threats. Traditional ransomware usually leaves patterns that security tools can spot. PromptLock avoids this by generating non-deterministic code. Even with the same input, the ransomware can behave differently, making analysis harder.

Another factor is its independence from external AI services. Because it runs models locally, it leaves fewer traces for investigators and avoids detection tied to online API usage. This approach could inspire future ransomware families to adopt the same technique.

Defensive Steps

Security teams need to adapt quickly. Experts recommend stronger monitoring for Go-based executables and Lua script activity. They also suggest keeping a close watch on local AI model deployments. Detection methods must shift toward behavior analysis rather than relying on signatures.
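The shift from signatures to behavior analysis can be sketched as a correlation rule over endpoint telemetry. This is an added example, not code from the researchers or from any product: the event names, tuple schema, process names and thresholds are all assumptions, and the sample events are constructed. It flags a process only when a local model request, Lua execution and a burst of file rewrites occur in sequence within a short window.

```python
from collections import defaultdict

# Constructed sample telemetry (hypothetical schema):
# (timestamp_s, pid, image, event, detail)
SAMPLE_EVENTS = [
    (100, 4120, "updater.exe", "local_model_request", "127.0.0.1"),
    (104, 4120, "updater.exe", "lua_script_run", "in-memory chunk"),
    *[(110 + i, 4120, "updater.exe", "file_rewrite", f"C:/Users/a/doc{i}.docx")
      for i in range(25)],
    # Benign: a developer tool that queries a local model but does nothing else
    (200, 5001, "ide.exe", "local_model_request", "127.0.0.1"),
    # Benign: a game that runs Lua and saves a handful of files
    (300, 5300, "game.exe", "lua_script_run", "ui.lua"),
    *[(305 + i, 5300, "game.exe", "file_rewrite", f"save{i}.dat") for i in range(3)],
]

def correlate(events, window_s=120, rewrite_threshold=20):
    """Return {pid: image} for processes showing the full behaviour chain:
    local model request -> Lua execution -> burst of file rewrites, all
    within window_s seconds. No file hashes or byte patterns are used."""
    by_pid = defaultdict(list)
    for ts, pid, image, event, _detail in sorted(events):
        by_pid[pid].append((ts, image, event))
    flagged = {}
    for pid, rows in by_pid.items():
        model_ts = [ts for ts, _, ev in rows if ev == "local_model_request"]
        for start in model_ts:
            in_window = [(ts, ev) for ts, _, ev in rows
                         if start <= ts <= start + window_s]
            lua_ts = [ts for ts, ev in in_window if ev == "lua_script_run"]
            if not lua_ts:
                continue  # model use alone is not suspicious
            # Count only rewrites that follow the first Lua execution
            rewrites = sum(1 for ts, ev in in_window
                           if ev == "file_rewrite" and ts >= min(lua_ts))
            if rewrites >= rewrite_threshold:
                flagged[pid] = rows[0][1]
                break
    return flagged

if __name__ == "__main__":
    for pid, image in correlate(SAMPLE_EVENTS).items():
        print(f"ALERT pid={pid} image={image}: model request, Lua run, mass file rewrite")
```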

Conclusion

PromptLock ransomware represents the start of AI-driven cybercrime. By combining local language models with adaptive scripts, it encrypts and steals data while staying difficult to detect. The appearance of PromptLock proves that AI-powered ransomware is no longer theory. Organizations must strengthen defenses now before more advanced versions appear.

