🟠 High | Source: The Hacker News
Researchers have identified a working ransomware technique, generated with the help of the AI model DeepSeek, that exploits a legitimate Chromium browser API to execute entirely within the browser on both Windows and Android. This is significant because it demonstrates that frontier AI models can be used to construct novel, previously theoretical attack paths and turn them into functional malware. Because the ransomware executes inside the browser, traditional endpoint ransomware defences may not detect or block it.
Security Architect’s Take: Review and enforce browser extension and API usage policies across your organisation’s managed device fleet, particularly restricting access to sensitive Chromium APIs via enterprise browser policies. Ensure endpoint detection tools are configured to monitor browser process behaviour, not just filesystem and process-level ransomware indicators. Consider this a signal to accelerate AI-generated threat modelling exercises within your security team.
Original advisory: AI-Generated Browser Ransomware Abuses Chromium API on Windows and Android