AI-Generated In-Browser Ransomware Technique Emerges via DeepSeek

Thumbnail Image

The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.

Researchers found that the AI model DeepSeek was used to generate a novel in-browser ransomware technique, exploiting browser APIs to encrypt user files on Windows and Android devices. This AI-enabled attack lowers the barrier for creating sophisticated malware, posing new risks to user data and security.[AI generated]

Why's our monitor labelling this an incident or hazard?

The event involves an AI system (DeepSeek) used to generate malicious code that can cause harm by encrypting user files and stealing sensitive information, fulfilling the criteria for an AI Incident. The harm includes damage to property (encrypted files), violation of privacy rights, and potential disruption to users. The AI's role is pivotal as it enables low-expertise actors to create sophisticated ransomware attacks easily. The incident is ongoing or imminent, with evidence of actual threat actors attempting such attacks, confirming realized or direct harm rather than just a potential hazard.[AI generated]
AI principles
Robustness & digital securitySafety

Industries
Digital security

Affected stakeholders
Consumers

Harm types
Economic/Property

Severity
AI incident

AI system task:
Content generation


Articles about this incident or hazard