
No Payload, No Signature, No Warning: AI-Generated Ransomware Is No Longer a Theory

Written by Ferrum Technology Services LLC | Aug 28, 2025 6:15:55 PM

As AI continues to reshape industries, it’s also rewriting the rules of cybercrime. This week, cybersecurity researchers introduced PromptLock, the world’s first known proof-of-concept ransomware built entirely with the help of generative AI.

Unlike traditional ransomware strains that carry a static payload and leave behind signatures, PromptLock doesn’t deliver code upfront. It uses AI tools like ChatGPT or WormGPT to generate malicious code in real time during execution. That makes it nearly impossible for conventional antivirus and endpoint detection tools to catch it before damage is done.

What Makes PromptLock Different?

Traditional ransomware follows a known pattern: a malicious file or link delivers a hardcoded payload that encrypts files, demands a ransom, and leaves forensic breadcrumbs. Security tools have adapted over time to recognize and block these signatures. PromptLock flips that model completely.

Instead of including malware in the file itself, PromptLock sends live prompts to AI models at runtime to generate and execute malicious code—on demand. Each time the ransomware runs, it can behave differently, making it hard to detect, analyze, or block using signature-based systems.

This approach:

  • Leaves no static indicators of compromise (IOCs)

  • Evades antivirus and traditional EDR tools

  • Requires no technical coding knowledge from attackers—just well-crafted prompts

What This Means for Businesses

Let’s be clear—PromptLock is not yet in the wild. It’s a proof of concept created by researchers to demonstrate what’s possible.

But it’s a warning shot.

Generative AI is becoming accessible to everyone, including threat actors. And now we know it can be used not just to write phishing emails or scam scripts—but to build fully functional malware in real time.

For businesses and IT teams, this means:

  • Relying on signature-based detection alone is no longer enough

  • Endpoint protection must evolve to focus on behavior and anomalies, not just known threats

  • Security policies and awareness training need to include AI-generated risk scenarios

  • Cyber resilience depends on early detection, layered defenses, and expert guidance
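To make the behavior-focused point concrete, here is an added example (not from the PromptLock researchers or any Ferrum tooling) that correlates a process's call to a generative-AI API with a burst of file rewrites shortly afterward. The event schema, host list, thresholds, and telemetry are all constructed assumptions.

```python
from collections import defaultdict

# Assumptions (not from the post): host list, window, threshold, event schema.
LLM_API_HOSTS = {"api.openai.com", "llm-gateway.example"}
WINDOW_SECONDS = 120     # file activity this soon after a model call counts
REWRITE_THRESHOLD = 20   # distinct files rewritten inside the window

def flag_prompt_then_rewrite(events):
    """Return PIDs that call an LLM API and then rewrite many files.

    events: dicts with ts (seconds), pid, kind ("net" or "file_write") and
    target (host for net, path for file_write), sorted by ts.
    """
    last_call = {}                     # pid -> ts of most recent model call
    recent = defaultdict(dict)         # pid -> {path: ts of last rewrite}
    flagged = set()
    for ev in events:
        pid, ts = ev["pid"], ev["ts"]
        if ev["kind"] == "net" and ev["target"] in LLM_API_HOSTS:
            last_call[pid] = ts
        elif ev["kind"] == "file_write" and pid in last_call:
            if ts - last_call[pid] > WINDOW_SECONDS:
                continue               # too long after the model call
            recent[pid][ev["target"]] = ts
            # Slide the window so a long-lived process does not accumulate.
            recent[pid] = {p: t for p, t in recent[pid].items()
                           if ts - t <= WINDOW_SECONDS}
            if len(recent[pid]) >= REWRITE_THRESHOLD:
                flagged.add(pid)
    return sorted(flagged)

def sample_events():
    """Constructed telemetry: 4100 shows the pattern; 4200, 4300 are benign."""
    def writes(pid, start, count, prefix):
        return [{"ts": start + i, "pid": pid, "kind": "file_write",
                 "target": f"{prefix}{i}"} for i in range(count)]
    ev = [{"ts": 0, "pid": p, "kind": "net", "target": "api.openai.com"}
          for p in (4100, 4300)]
    ev += writes(4100, 5, 25, "C:/docs/report")     # model call, then burst
    ev += writes(4200, 5, 40, "D:/backup/chunk")    # burst, no model call
    ev += writes(4300, 10, 2, "C:/src/module")      # model call, few writes
    return sorted(ev, key=lambda e: e["ts"])

if __name__ == "__main__":
    print(flag_prompt_then_rewrite(sample_events()))
```

A model reached through a proxy or hosted on the machine itself would not match the host list, so this correlation is one signal to combine with file-rewrite rate on its own, not a replacement for it.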

Where Ferrum Stands

At Ferrum, we secure the environments our clients rely on—not just with tools, but with the strategy to stay ahead of threats that haven’t fully arrived yet. We help businesses harden their infrastructure, monitor activity in real time, and build a security posture that keeps evolving.

Because attackers no longer need code—they just need a prompt.

And that changes everything.