CLEVELAND, OH - September 24, 2025 - The cybersecurity landscape reached a turning point with PromptLock, the first known ransomware written by artificial intelligence. This new reality is one more warning from cyber incident response specialists for organizations to fundamentally rethink their defense strategies.

“We're witnessing the birth of a new class of threats,” said Magdy Abdelaziz, Head of Digital Forensics and Incident Response (DFIR) at Proven Data, a leading incident response firm. “When malware can generate unique attack code for each victim, traditional signature-based defenses become nearly useless.”

PromptLock: a malware that rewrites itself

ESET researchers discovered PromptLock in August during routine threat analysis. Unlike conventional ransomware that follows predetermined instructions, this malware uses an AI language model to generate new malicious scripts in real time. The result is a digital shapeshifter that creates different attack code for every target, making detection extremely difficult.

“Traditional antivirus looks for known criminals. But AI-generated malware is like a master of disguise that changes its appearance every time. The criminal's face is different each time, but their behavior patterns remain consistent,” explained

Abdelaziz. “That's why we focus on behavioral detection by watching for suspicious activities like rapid file encryption or unusual network communication, rather than only trying to recognize specific code signatures.”

The malware autonomously decides which files to steal or encrypt based on what it finds on infected systems. It works across Windows, Linux, and Mac computers, giving it unprecedented flexibility to attack mixed IT environments common in hospitals, law firms, and businesses.

While PromptLock was revealed to be a proof-of-concept created by New York University researchers rather than an active criminal tool, security experts emphasize that the threat it represents is very real. Recent research from MIT highlights that criminal groups are already leveraging AI in the vast majority of ransomware attacks, estimated at around 80%.

Experts at Proven Data warn that fully autonomous malware is the logical next step in this evolution. Today, cybercriminals are using AI to generate highly convincing phishing emails, produce deepfake audio for social engineering, crack passwords at scale, and even develop sophisticated malware code.

This trend dramatically lowers the barrier for launching sophisticated attacks. Where cybercriminals once needed teams of skilled programmers, they now need only well-configured AI tools to create complex, self-adapting threats.

Critical defense gaps exposed

The emergence of AI-powered malware exposes significant weaknesses in current cybersecurity approaches. Traditional antivirus software relies on identifying known threat signatures.

For example, a healthcare network facing AI-generated ransomware could see patient records encrypted with attack code that's never been seen before, making recovery more complex, if not impossible. Legal firms might face data theft where the malware intelligently identifies and targets their most valuable case files.

New defense requirements

Security experts recommend that organizations immediately assess their incident response capabilities against AI-powered threats. Key areas include:

• Behavioral Detection: Moving beyond signature-based tools to systems that identify suspicious behavior patterns, even from previously unknown threats.
• Rapid Response Teams: Ensuring 24/7 access to specialists who can quickly contain and analyze novel attack methods.
• Data Protection: Implementing robust backup and recovery systems that can restore operations even when facing unprecedented attack techniques.
• Evidence Preservation: Maintaining forensically sound processes to document attacks for legal proceedings and regulatory compliance.

“Organizations can't wait for the next PromptLock to appear in the wild,” emphasized Abdelaziz. “The technology exists, the techniques are proven, and criminal adoption is inevitable. The time to prepare is now.”

About Proven Data

Proven Data provides ransomware recovery, emergency digital forensics and incident response (DFIR), and data recovery services to organizations facing cyber threats and data emergencies. With over a decade of experience and a 98% success rate, the company's specialists help clients recover from ransomware attacks, data breaches, and system failures while maintaining forensic integrity for legal and regulatory requirements.

Media Contact
Company Name: Proven Data
Contact Person: Media Relations
Email: Send Email
Phone: (877) 364-5161
Country: United States
Website: provendata.com