Security researchers have documented the first functional ransomware payload synthesized by a frontier artificial intelligence model, marking a structural shift in how cyber threats are engineered. The proof-of-concept, generated using DeepSeek, operates exclusively within Chromium-based browsers on Windows and Android, effectively bypassing conventional endpoint defenses by remaining inside trusted application boundaries.

Rather than deploying a standalone executable, the AI-crafted exploit weaponizes the File System Access API—a legitimate web standard that grants sites read and write access to local files. By chaining this capability with in-browser encryption routines, the malware executes entirely within the browser’s sandbox. This architecture neutralizes traditional security controls that rely on monitoring external process execution, scanning file system changes outside the browser, or matching known malicious signatures.

The incident underscores generative AI’s emerging role as an exploit synthesizer. According to the analysis, the model successfully merged previously theoretical browser-malware concepts with a functional web capability, producing a cross-platform payload with minimal human engineering. Because the threat operates entirely within a trusted browser process, it evades the detection paradigms that have long governed endpoint security.

The proof-of-concept has prompted immediate calls from security teams to pivot from signature-based defenses to behavior-driven monitoring. Experts recommend deploying real-time telemetry to flag anomalous File System Access API calls, unusual permission escalation patterns, and unexpected in-browser encryption activity. Traditional blocklists and executable scanners are largely ineffective against this attack vector.
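The behavioral check recommended above, as an added example (not code from the research or from any product): it correlates, per origin, a read-write directory grant with a burst of distinct-file overwrites and `crypto.subtle.encrypt` calls. The event schema, thresholds, and origins are assumptions, and the sample events are constructed.

```javascript
// Assumed telemetry schema (hypothetical): { ts, origin, api, mode?, path? }
// where api is one of "showDirectoryPicker", "createWritable", "crypto.subtle.encrypt".
const WINDOW_MS = 60_000;    // sliding window per origin
const WRITE_THRESHOLD = 20;  // distinct files opened for writing inside the window
const ENCRYPT_RATIO = 0.8;   // encrypt calls per written file that suggests encrypt-then-overwrite

function detectBulkEncryptingWriters(events) {
  const byOrigin = new Map();
  for (const e of [...events].sort((a, b) => a.ts - b.ts)) {
    if (!byOrigin.has(e.origin)) byOrigin.set(e.origin, []);
    byOrigin.get(e.origin).push(e);
  }
  const alerts = [];
  for (const [origin, evs] of byOrigin) {
    // Bulk overwrite needs a read-write directory handle; skip origins that never got one.
    const grant = evs.find(e => e.api === "showDirectoryPicker" && e.mode === "readwrite");
    if (!grant) continue;
    const after = evs.filter(e => e.ts >= grant.ts);
    let start = 0;
    for (let end = 0; end < after.length; end++) {
      while (after[end].ts - after[start].ts > WINDOW_MS) start++;
      const win = after.slice(start, end + 1);
      const files = new Set(win.filter(e => e.api === "createWritable").map(e => e.path));
      const encrypts = win.filter(e => e.api === "crypto.subtle.encrypt").length;
      if (files.size >= WRITE_THRESHOLD && encrypts >= ENCRYPT_RATIO * files.size) {
        alerts.push({ origin, grantTs: grant.ts, detectedTs: after[end].ts, files: files.size, encrypts });
        break; // one alert per origin is enough to trigger response
      }
    }
  }
  return alerts;
}

// Constructed sample: a benign editor saving two files, and an origin that
// encrypts and rewrites 25 documents within half a minute of the grant.
function sampleEvents() {
  const ev = [
    { ts: 0, origin: "https://editor.example", api: "showDirectoryPicker", mode: "readwrite" },
    { ts: 5000, origin: "https://editor.example", api: "createWritable", path: "notes/a.md" },
    { ts: 9000, origin: "https://editor.example", api: "createWritable", path: "notes/b.md" },
    { ts: 1000, origin: "https://unknown.example", api: "showDirectoryPicker", mode: "readwrite" },
  ];
  for (let i = 0; i < 25; i++) {
    ev.push({ ts: 2000 + i * 1000, origin: "https://unknown.example", api: "crypto.subtle.encrypt" });
    ev.push({ ts: 2500 + i * 1000, origin: "https://unknown.example", api: "createWritable", path: `docs/file${i}.docx` });
  }
  return ev;
}

console.log(detectBulkEncryptingWriters(sampleEvents()));
```

The thresholds are starting points to tune against an organization's own baseline of sites that legitimately use the API, such as web-based editors and IDEs.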

Beyond immediate detection upgrades, the incident highlights the need to reevaluate default permission models for powerful web APIs and establish formal collaboration channels between AI developers and cybersecurity researchers. While the payload remains a proof-of-concept and has not been observed in active campaigns, its feasibility signals a paradigm shift in threat development. Organizations are advised to treat in-browser execution as a high-risk vector and integrate behavioral analytics into their security stacks before weaponized variants emerge.

