PromptLock is a Golang-based, cross-platform ransomware prototype that ESET identified in August 2025 and named as the first known AI-powered ransomware. High-confidence reporting in the provided content indicates it is a proof of concept or work in progress rather than malware observed in real-world attacks, and later reporting linked the samples to the academic NYU Tandon research prototype "Ransomware 3.0: Self-Composing and LLM-Orchestrated." PromptLock uses a locally accessible large language model—reported as OpenAI gpt-oss-20b via the Ollama API—to dynamically generate and execute malicious Lua scripts at runtime. Those scripts are described as performing filesystem enumeration, file inspection, data exfiltration, and file encryption; some reporting also notes unfinished or inactive destructive/wipe logic. The malware is described as targeting Windows and Linux, with multiple sources also stating the generated Lua logic was intended to be cross-platform across Windows, Linux, and macOS. ESET reported Windows and Linux variants uploaded to VirusTotal and classified them as Linux/Filecoder.PromptLock.A and WinGo/Filecoder.PromptLock.A. Reported sample SHA-1s include Linux: 24BF7B72F54AA5B93C6681B4F69E579A47D7C102, AD223FE2BB4563446AEE5227357BBFDC8ADA3797, BB8FB75285BCD151132A3287F2786D4D91DA58B8, F3F4C40C344695388E10CBF29DDB18EF3B61F7EF; Windows: 639DBC9B365096D6347142FCAE64725BD9F73270, 161CDCDB46FB8A348AEC609A86FF5823752065D2, 8C7BCAFCE90F5FB121131ECB27346ECFC6E961C5. The content consistently associates PromptLock with ESET’s discovery and later academic attribution, not with a confirmed criminal threat actor or active campaign.