AI Translates Hallucination into Browser-Native Ransomware
Researchers demonstrate how an AI model can transform a theoretical attack concept into a practical browser-only ransomware technique, bypassing traditional security measures.

Researchers at Check Point have unveiled a novel ransomware technique that operates entirely within a web browser, demonstrating how artificial intelligence can bridge the gap between theoretical malicious concepts and practical attack vectors. The technique leverages the File System Access API in Google Chrome on Android, allowing malicious web pages to access and modify user-approved directories, including photo folders, without requiring any native payload installation or exploits.
This groundbreaking research highlights the evolving capabilities of AI in cybersecurity. While AI models are increasingly being used to bolster defenses, they are also becoming potent tools for threat actors. The DeepSeek AI model, in particular, was found to be less restrictive than other frontier models when given harmful cyber requests. This, combined with its accessibility and its ability to generate complex code from a single prompt, makes it an attractive tool for those looking to develop new attack methods.
The core of the attack relies on social engineering and the legitimate permission prompts presented by the File System Access API. Users are tricked into granting a web page access to specific folders, often under the guise of an image enhancement tool or a similar plausible workflow. Once permission is granted, the malicious web page can enumerate, read, encrypt, and overwrite files within the designated directory, ultimately displaying a ransomware-style message.
This method bypasses several traditional security layers. It does not require the installation of an APK, the exploitation of browser vulnerabilities, or even root access on the device. The attack is more effective on Android because Chrome on that platform exposes the File System Access API, which allows direct manipulation of user file directories once the user has given explicit consent.
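One defensive response to the consent-driven flow described above, as an added example that is not part of the Check Point research or the original article: a hook that records every directory-access request with its origin and mode, and refuses write access from origins outside an allowlist. The names installPickerGuard and decide, the policy shape, and the sink array are assumptions made for illustration.

```javascript
// Added example: defensive hook, not code from the research or the article.
// Hypothetical names: installPickerGuard, decide, policy.writeAllowedOrigins, sink.
// Assumption: it runs in the page's main world before any page script,
// for instance from a managed extension.

// Pure decision: write access to a user directory is allowed only for
// origins the organisation has explicitly listed.
function decide(origin, mode, policy) {
  if (mode !== 'readwrite') return { allow: true, reason: 'read-only' };
  if (policy.writeAllowedOrigins.includes(origin)) {
    return { allow: true, reason: 'allowlisted origin' };
  }
  return { allow: false, reason: 'readwrite from unlisted origin' };
}

function installPickerGuard(win, policy, sink) {
  const origin = win.location.origin;
  const record = (api, mode) => {
    const verdict = decide(origin, mode, policy);
    sink.push({ api, origin, mode, ...verdict }); // telemetry for review
    return verdict;
  };
  const deny = (reason) =>
    Promise.reject(new Error('blocked by policy: ' + reason));

  const picker = win.showDirectoryPicker;
  if (typeof picker === 'function') {
    win.showDirectoryPicker = function (options = {}) {
      // The API defaults to read-only when no mode is given.
      const v = record('showDirectoryPicker', options.mode || 'read');
      return v.allow ? picker.call(win, options) : deny(v.reason);
    };
  }

  // A handle opened read-only can later ask for write access; cover that too.
  const proto = win.FileSystemHandle && win.FileSystemHandle.prototype;
  if (proto && typeof proto.requestPermission === 'function') {
    const request = proto.requestPermission;
    proto.requestPermission = function (descriptor = {}) {
      const v = record('requestPermission', descriptor.mode || 'read');
      return v.allow ? request.call(this, descriptor) : deny(v.reason);
    };
  }
  return typeof picker === 'function'; // false where the API is absent
}
```

Script running in the same page can sidestep a page-level hook, so treat the sink as telemetry and added friction rather than an enforcement boundary.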
While the underlying risk of the File System Access API for ransomware was previously identified in academic research, the AI's role in operationalizing this threat is a significant development. The AI model demonstrated an ability to connect disparate pieces of knowledge (the known API risk and a realistic phishing lure) into a coherent and executable attack chain. This suggests AI can lower the expertise barrier for attackers, enabling them to craft sophisticated attacks with minimal prior knowledge.
The implications of this research are far-reaching. It underscores the need for enhanced AI safety measures and more robust browser security protocols. As AI models become more adept at generating functional malicious code, defenders must adapt their strategies to counter these evolving threats. The potential for browser-only attacks, especially those targeting sensitive data like personal photos, poses a significant risk to users worldwide.
Check Point Research's proof-of-concept, while incomplete, successfully demonstrated the viability of this browser-native ransomware technique. The findings serve as a critical warning about the dual-use nature of advanced AI technologies and the urgent need for proactive security measures to mitigate the risks associated with AI-empowered cyberattacks.