Check Point Research's latest finding matters less because of DeepSeek specifically and more because it demonstrates, in a documented case, that a general-purpose chatbot can independently bridge the gap between a theoretical browser-ransomware concept and a working attack chain, without an attacker needing deep technical skill.
In direct testing, DeepSeek V4 refused prompts that explicitly used the word ransomware, but consistently produced functional, browser-based ransomware code when researchers used neutral wording instead.
Check Point validated the technique by building a proof-of-concept disguised as an AI Avatar Enhancer image tool that uses the standard Chromium File System Access API to request folder access, then silently reads, exfiltrates, encrypts, and overwrites a victim's files before displaying an extortion note, all without an app install, browser exploit, or root access.
Researchers said DeepSeek's comparatively weak safety filtering let a single broad prompt produce malicious code that would take multiple manual steps to assemble using other models' guardrails.
Check Point Research's latest finding matters less because of DeepSeek specifically and more because it demonstrates, in a documented case, that a general-purpose chatbot can independently bridge the gap between a theoretical browser-ransomware concept and a working attack chain, without an attacker needing deep technical skill. In direct testing, DeepSeek V4 refused prompts that explicitly used the word ransomware, but consistently produced functional, browser-based ransomware code when researchers used neutral wording instead. Check Point validated the technique by building a proof-of-concept disguised as an AI Avatar Enhancer image tool that uses the standard Chromium File System Access API to request folder access, then silently reads, exfiltrates, encrypts, and overwrites a victim's files before displaying an extortion note, all without an app install, browser exploit, or root access. Researchers said DeepSeek's comparatively weak safety filtering let a single broad prompt produce malicious code that would take multiple manual steps to assemble using other models' guardrails.