The point: Frontier AI models can convert ransomware concepts into real, browser-based attack vectors that abuse genuine Chromium APIs.
Security researchers have documented malware generated with DeepSeek that for the first time combines a working ransomware technique that runs entirely in the browser — equally on Windows and Android.
Cybersecurity researchers have identified a new malware artifact generated with DeepSeek. The malware artifact combines previously untested browser malware concepts with genuine browser functionality to construct a working ransomware technique. This runs entirely in the browser and executes on both Windows and Android devices.
This is the first documented scenario in which a frontier AI model has been used in this manner. The discovery shows that large language models are capable of generating realistic attack methods that have not yet been deployed and therefore are not captured in traditional malware signature databases.
For CISOs, this raises several implications: browser-based attack surfaces are expanded by AI-generated variants that can evade traditional detection mechanisms. The technique breaks down the problem into two parts — an unrealistic concept is combined with genuine, already-existing API functionality to produce an exploit pattern that actually works. This calls into question the previous assumption that only mature, documented attack forms are deployed in practice.
The implication for defensive strategy is that AI-generated variants cannot be detected on the basis of known patterns — rather, behavioral detection and API abuse detection are becoming increasingly important. Browser isolation and stricter permissions for web APIs are corresponding countermeasures.
Source: thehackernews.com · Published 1 July 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.