Vibe coding is all the rage among enthusiasts who are using large language models (or "AI") to replace conventional software development, so it's not shocking that vibe coding has been used to power ransomware, too. According to one security research firm, they've spotted the first example of ransomware powered and enabled by an LLM--specifically, an LLM by ChatGPT maker OpenAI. According to a blog post from ESET Research interviewing researcher Anton Cherepanov, they've detected a piece of malware "created by the OpenAI gpt-oss:20b model." PromptLock, a fairly standard ransomware package, includes embedded prompts sent to the locally stored LLM. Because of the nature of LLM outputs (which create unique, non-repeated results with each prompt), it can evade detection from standardized antivirus setups, which are designed to search for specific flags.

Kids play on retro computers in the IT 8-bit museum in Mariupol, Ukraine before it was attacked. Kids play on retro computers in the IT 8-bit museum in Mariupol, Ukraine before it was attacked. Nearly two decades ago, Dmitriy Cherepanov started a collection of retro computers in Mariupol, Ukraine, that grew into an internationally-known assemblage of historic machines, housed in a private museum he called IT 8-bit. Russia's campaign to take over his city in southeast Ukraine has killed at least 2,000 civilians, destroyed most of the city's homes and turned Cherepanov's beloved computer museum into rubble. "I'm very upset," Cherepanov, 45, told NPR. "It's been a hobby of my life."