Cybersecurity experts at ESET have issued a stark warning about the escalating threat of AI-driven malware, highlighting its rapid integration into sophisticated attack campaigns. According to ESET’s H2 2025 Threat Report, artificial intelligence is no longer a theoretical future threat but a present reality, with attackers actively employing AI to develop and deploy new forms of malicious software that evade traditional defenses. This development signals a significant shift in the capabilities of cybercriminals.
The report details the emergence of PromptLock, identified as the first known AI-powered ransomware. It represents a critical evolution in how ransomware operates, built on a dual-component architecture: a static module written in Go communicates with a server hosting an AI model and uses hardcoded prompts to have the model generate Lua scripts dynamically. These AI-generated scripts then execute on compromised systems, so the malicious code is not pre-written by human developers, which makes it more adaptable and harder to detect.
AI-Driven Malware Attacks and the Ransomware Economy
The adaptive capabilities of PromptLock are a key concern for cybersecurity professionals. Unlike conventional ransomware that adheres to a fixed set of instructions, PromptLock utilizes AI to create unique scripts tailored for specific tasks such as enumerating file systems, identifying and exfiltrating data, and encrypting files. This autonomous approach allows the malware to independently assess a victim’s environment and decide on the most effective course of action, whether it be data theft, encryption, or destruction.
Furthermore, PromptLock incorporates a sophisticated feedback loop designed to make AI-generated code more reliable. When the dynamically generated Lua scripts are executed, the malware captures logs of their performance and sends them back to the AI model, which refines its script generation based on that feedback, correcting functional errors so that its actions remain effective. This iterative process lets AI-driven malware achieve a high degree of reliability despite the inherently non-deterministic nature of language models.
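The generate, execute, report loop described above leaves a behavioural pattern a defender can hunt for even when the script content changes on every run. The sketch below is an added example, not code from ESET or the report: the event format, host name, process names and thresholds are all constructed assumptions. It flags processes that repeatedly alternate between a request to a model-inference host and a burst of file activity.

```python
from collections import defaultdict

# Assumption: hosts known to serve model inference in this environment (placeholder).
MODEL_HOSTS = {"llm-api.example.internal"}

# Constructed sample telemetry: (timestamp_s, pid, image, kind, detail)
SAMPLE_EVENTS = [
    (0, 410, "backup-agent", "file", "/srv/data/a.db"),
    (1, 977, "unknown-tool", "net", "llm-api.example.internal"),
    (2, 977, "unknown-tool", "file", "/home/u/docs/1.txt"),
    (3, 977, "unknown-tool", "file", "/home/u/docs/2.txt"),
    (4, 977, "unknown-tool", "file", "/home/u/docs/3.txt"),
    (5, 555, "chat-client", "net", "llm-api.example.internal"),
    (10, 977, "unknown-tool", "net", "llm-api.example.internal"),
    (11, 977, "unknown-tool", "file", "/home/u/pics/1.jpg"),
    (12, 977, "unknown-tool", "file", "/home/u/pics/2.jpg"),
    (13, 977, "unknown-tool", "file", "/home/u/pics/3.jpg"),
    (15, 555, "chat-client", "net", "llm-api.example.internal"),
    (20, 977, "unknown-tool", "net", "llm-api.example.internal"),
    (21, 410, "backup-agent", "file", "/srv/data/b.db"),
]


def count_cycles(events, min_file_ops=3, window_s=60):
    """Count 'model request -> file-activity burst -> model request' cycles per process."""
    state = {}                 # pid -> (time of last model request, file ops since then)
    cycles = defaultdict(int)  # (pid, image) -> completed cycles
    for ts, pid, image, kind, detail in sorted(events):
        if kind == "net" and detail in MODEL_HOSTS:
            last = state.get(pid)
            # A cycle closes when the process returns to the model soon after a burst.
            if last and ts - last[0] <= window_s and last[1] >= min_file_ops:
                cycles[(pid, image)] += 1
            state[pid] = (ts, 0)
        elif kind == "file" and pid in state:
            # Only file activity that follows a model request is counted.
            t, n = state[pid]
            state[pid] = (t, n + 1)
    return dict(cycles)


def flag(events, min_cycles=2):
    """Return (pid, image) pairs that completed at least min_cycles cycles."""
    return sorted(k for k, n in count_cycles(events).items() if n >= min_cycles)


if __name__ == "__main__":
    print(flag(SAMPLE_EVENTS))
```

A process that only talks to the model (the constructed chat-client) or only touches files (backup-agent) is not flagged; only the alternation is.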
The implications of this advancement extend beyond PromptLock. ESET researchers have also identified other AI-driven threats, including PromptFlux, which uses the Gemini AI model to rewrite dropper source code for maintaining persistence on compromised systems, and PromptSteal, designed to generate Windows commands aimed at harvesting sensitive documents. These examples illustrate a broader trend of attackers integrating AI into various stages of the attack lifecycle.
Meanwhile, the ransomware-as-a-service (RaaS) market has witnessed a period of explosive growth. Publicly reported ransomware victims, often detailed on dedicated leak sites, have already surpassed the total number of victims reported in 2024, with projections indicating a substantial 40 percent year-over-year increase. Dominant ransomware groups like Qilin and Akira continue to pose significant threats, while newer entities such as Warlock are introducing advanced evasion techniques designed to circumvent modern endpoint detection and response (EDR) tools, further complicating defense strategies.
The convergence of increasingly sophisticated AI-driven malware attacks and a booming ransomware economy presents a critical and urgent security imperative for organizations globally. The ability of attackers to leverage AI for custom code generation and adaptive attack strategies, coupled with the widespread availability of ransomware services, demands a proactive and evolving approach to cybersecurity defense.
Looking ahead, organizations are expected to accelerate the adoption of AI-powered security solutions to counter these evolving threats. The effectiveness of these AI defenses will likely be a key factor in the ongoing arms race between cybercriminals and security professionals. However, the continuous innovation in AI-driven attack methods means that vigilance and continuous adaptation will remain paramount in the face of these growing challenges.

