alexi.sh
All articlesBrowser securityNetwork privacyPrivacy toolingThreat modelingAI codingDev tooling

alexi.shResearch

browser-privacy

AI-Generated Browser Ransomware: What DeepSeek's Proof of Concept Means (2026)

PrivSec Lab4 min read
Syntax-highlighted source code on a dark screen

Check Point showed that the DeepSeek AI model can generate ransomware that runs entirely inside a Chromium browser, with no app to install. It is a proof of concept, not an outbreak, and it needs your click. What it is, how it works, and how to stay safe.

The security firm Check Point showed that an AI chatbot can generate working ransomware that runs entirely inside your web browser, with no app to install and no security bug exploited. It is a proof of concept, not a real-world outbreak, and it still needs you to click Allow. But it is a clear preview of where AI-assisted malware is heading, and it hinges on one browser permission most people have never thought about. Here is what happened, how the attack works, and how to protect yourself.

What Check Point found

Check Point published a report titled Browser-Only Ransomware: From LLM Hallucinations to a Practical Attack Technique. They analysed a malware sample generated with the Chinese AI model DeepSeek that connected a theoretical idea to a working method. Their conclusion, in their words: AI can turn high-level malicious ideas into concrete techniques, and can independently design novel attack paths that have not yet appeared in real campaigns.

The honest context matters as much as the headline. This is a research proof of concept. Check Point found no evidence the technique is being used in real attacks, and the original DeepSeek-generated sample was incomplete and did not reliably run the full attack. A human guided every step; the AI did not launch anything on its own.

How the browser-only attack works

The technique abuses a legitimate browser feature called the File System Access API, which lets a web page read and write files in a folder you choose. The steps are simple:

  • You land on a convincing web app. Check Point's decoy posed as a Discord avatar AI upscaler.
  • You click to proceed, and the browser shows its normal folder-access permission prompt.
  • If you grant it, the page can list the files in that folder, read and steal their contents, then encrypt and overwrite them.
  • Finally it displays a ransom note demanding Bitcoin.

No native program is installed, no browser vulnerability is exploited, and no root access is needed. Everything runs inside the tab you opened.

Hands typing on a laptop with the words Your personal files are encrypted repeated in red - the kind of ransom note a browser-based attack would display.

Which browsers are exposed

The File System Access API is a Chromium feature. Check Point confirmed the risk on Chromium-based browsers, meaning Chrome and its relatives, across Windows, macOS, ChromeOS, Linux and Android, and they tested it on Chrome 148 for Android. Firefox and Safari do not expose the same file-picker method, so they are not affected in the same way. Browsers already block the most sensitive folders such as the home directory, Desktop, Documents, Downloads and system paths, though Check Point noted that Pictures and Videos were reachable on the systems they tested.

Why it was built with DeepSeek

The choice of DeepSeek is the real story for anyone watching AI safety. Check Point reported that DeepSeek's models were less consistent at refusing harmful cyber requests than models from Anthropic or OpenAI, that DeepSeek is free and widely available, and that it could often produce a working malicious app from a single broad prompt rather than forcing an attacker to split the request into innocent-looking pieces. Asked directly for ransomware, DeepSeek refused; reworded to avoid the term while keeping the function, it complied. The lesson is not that AI has gone rogue. It is that the barrier to building malware is dropping, which is exactly why defensive habits matter more, not less.

How to protect yourself

The good news is that because this attack needs your permission, you can stop it at the prompt. Check Point's advice, in plain terms:

  • Treat a browser folder-access prompt like a request for admin rights. Before you allow, check which site is asking, which folder it wants, and whether it really needs to edit your files.
  • Never grant a website access to folders with photos, documents, recovery codes or work files unless you deeply trust it.
  • Prefer established native apps or well-known cloud services for anything valuable, not a brand-new AI tool you just discovered.
  • Keep offline and cloud backups, which take the leverage out of any ransomware.
  • Keep your browser and operating system updated, since vendors are refining these permission models.
  • Stay sceptical of polished AI-branded utilities. A slick interface is not proof of safety.

AI-generated malware is no longer hypothetical, but the defence is old-fashioned and reassuring: think before you grant access, and keep backups. For the bigger picture of browser privacy and tracking, see our state of browser privacy in 2026.

Photo: Pixabay (source)

Also available in

FAQ

Is the AI-generated browser ransomware a real attack?
Not in the wild. It is a proof of concept from Check Point, based on a malware sample generated with the DeepSeek AI model. Check Point found no evidence the technique has been adopted in real-world attacks, and the original DeepSeek-generated sample was incomplete and did not reliably run the full attack. Check Point built a controlled proof of concept to measure the risk.
How does browser-only ransomware work?
It abuses a legitimate browser feature, the File System Access API, that lets a web page read and write files in a folder you pick. A deceptive web app (Check Point used a fake Discord avatar upscaler) asks for folder access; if you grant it, the page can list, read, exfiltrate, then encrypt and overwrite your files, and finally show a ransom note. No app is installed and no browser bug is exploited.
Which browsers are affected?
The File System Access API is a Chromium feature, so Chrome and other Chromium-based browsers are exposed on Windows, macOS, ChromeOS, Linux and Android (Check Point confirmed it on Chrome 148 for Android). Firefox and Safari do not expose the same file-picker method. Browsers already block the most sensitive folders such as home, Desktop, Documents and Downloads.
How do I protect myself?
Because the attack needs your permission, you can stop it at the prompt. Treat a browser folder-access request like admin rights: check which site is asking and which folder it wants. Never grant access to folders with photos, documents or recovery codes unless you deeply trust the site, prefer established native apps for valuable data, keep offline backups, and update your browser.