Vibe coding is all the rage among enthusiasts who are using large language models (or “AI”) to replace conventional software development, so it’s not shocking that vibe coding has been used to power ransomware, too. According to one security research firm, they’ve spotted the first example of ransomware powered and enabled by an LLM—specifically, an LLM by ChatGPT maker OpenAI.

According to a blog post from ESET Research interviewing researcher Anton Cherepanov, they’ve detected a piece of malware “created by the OpenAI gpt-oss:20b model.” PromptLock, a fairly standard ransomware package, includes embedded prompts sent to the locally stored LLM. Because of the nature of LLM outputs (which create unique, non-repeated results with each prompt), it can evade detection from standardized an

See Full Page