economyuae.com

    AI-powered malware PromptLock signals a new era of cyber risk

    By Arabian Media staff | September 29, 2025

    Qrator Labs’ CTO Andrey Leskin. Image: Supplied

    The cybersecurity industry is facing a seismic shift with the emergence of PromptLock, the world’s first adaptive AI-powered virus. Built on open-source models, PromptLock can reconfigure itself each time it runs, making it virtually impossible to detect through traditional antivirus methods. It targets critical system files across Windows, macOS, and Linux, encrypting them for ransom while behaving differently on every machine. For small and mid-sized businesses in particular, this raises profound questions about resilience, cost, and strategy.

    In an exclusive interview with Gulf Business, Qrator Labs’ CTO Andrey Leskin unpacks how AI is reshaping the malware landscape, why legacy defences are no longer enough, and what practical steps enterprises and SMEs alike must take to stay ahead of the threat.

    Signature-based detection is obsolete

    Traditional cybersecurity relies heavily on signatures — static patterns embedded in executables that allow antivirus engines to flag malicious software. PromptLock’s adaptive design undermines this approach.

    “Traditional signature-based detection relies on static patterns in executables — for example, looking for embedded cryptographic modules or techniques used to hide resident processes,” said Leskin. “AI-driven malware like PromptLock undermines this model because the malicious code is not hardcoded in the binary. Instead, it is generated dynamically at runtime by the AI model.”

    This dynamism makes detection nearly impossible. Even when antivirus engines can identify AI components, their ubiquity in everyday applications blurs the line between legitimate and malicious use. “The real difference lies in the prompts fed to the model — but unpacking or analyzing them is an extremely complex task,” Leskin explained. As a result, behaviour-based and intent-focused detection is emerging as the only sustainable path forward.

    AI-driven DDoS: indistinguishable from real users

    Another alarming dimension is how AI enables large-scale Distributed Denial of Service (DDoS) attacks. Traditionally, botnets flood systems with uniform traffic, which defenders can filter out. AI now makes it possible for bots to emulate human-like browsing at scale.

    “When generating prompts targeting a specific website — for example, an online shop — attackers can instruct one bot to search for groceries, another to browse for home care products, and so on,” said Leskin. “Because AI is inherently non-deterministic, every request looks slightly different, emulating genuine user behaviour at scale.”

    The implications are stark. Web application firewalls and anti-DDoS systems that depend on signatures or CAPTCHAs cannot distinguish this traffic. “Modern AI can now solve such challenges with ease,” Leskin warned.

    For defenders, the traditional reliance on network telemetry has lost much of its utility. Encrypted sessions look legitimate, making it nearly impossible to flag anomalies at the packet level. Leskin argues the solution lies in profiling authentic user behaviour.

    “Behavioural baselining becomes the only effective countermeasure: profiling how genuine users interact with the site, identifying normal patterns, and flagging deviations,” he said. By focusing on whether activity aligns with meaningful goals, rather than raw traffic volume, enterprises can filter out AI-driven bots that otherwise appear indistinguishable from real customers.
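A minimal sketch of the baselining idea described above, added here as an illustration; it is not code from Qrator Labs or from the article. The two features, the action names, the z-score limit and all sample sessions are assumptions constructed for the example.

```python
import statistics

# Assumption: actions that count as progress toward a goal on a shop site.
GOAL_ACTIONS = {"login", "add_to_cart", "checkout"}

def features(session):
    """session: list of (seconds_since_start, action), at least two events."""
    times = [t for t, _ in session]
    gaps = [b - a for a, b in zip(times, times[1:])]
    mean_gap = statistics.mean(gaps)
    return {
        # Timing variability: people pause irregularly between requests.
        "gap_cv": statistics.pstdev(gaps) / mean_gap if mean_gap else 0.0,
        # Share of requests that move toward a goal rather than only browsing.
        "goal_ratio": sum(a in GOAL_ACTIONS for _, a in session) / len(session),
    }

def build_baseline(genuine_sessions):
    """Per-feature (mean, stdev) over sessions believed to be genuine."""
    rows = [features(s) for s in genuine_sessions]
    return {k: (statistics.mean([r[k] for r in rows]),
                statistics.pstdev([r[k] for r in rows])) for k in rows[0]}

def deviations(session, baseline, z_limit=3.0):
    """Features lying more than z_limit standard deviations from baseline."""
    flagged = []
    for name, value in features(session).items():
        mean, std = baseline[name]
        if std and abs(value - mean) / std > z_limit:
            flagged.append(name)
    return sorted(flagged)

# Constructed sample sessions (not real traffic).
GENUINE = [
    [(0, "search"), (12, "view"), (47, "view"), (58, "add_to_cart"), (131, "checkout")],
    [(0, "view"), (5, "search"), (40, "view"), (95, "add_to_cart"), (110, "view"), (190, "checkout")],
    [(0, "login"), (20, "search"), (28, "view"), (90, "view"), (97, "add_to_cart")],
    [(0, "search"), (30, "view"), (36, "view"), (120, "login"), (140, "add_to_cart"), (150, "checkout")],
]
NEW_SHOPPER = [(0, "search"), (15, "view"), (50, "view"), (60, "add_to_cart"), (140, "checkout")]
BOT_LIKE = [(0, "search"), (4, "view"), (8, "view"), (13, "search"), (17, "view"), (21, "view")]
BROWSE_ONLY = [(0, "search"), (22, "view"), (30, "view"), (95, "view")]
BASELINE = build_baseline(GENUINE)

if __name__ == "__main__":
    for name in ("NEW_SHOPPER", "BOT_LIKE", "BROWSE_ONLY"):
        print(name, deviations(globals()[name], BASELINE))
```

The constructed `BROWSE_ONLY` session is a human who never buys and trips `goal_ratio` alone, which is why flags like these are better combined into a score than used to block on a single feature.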

    While large enterprises may afford advanced defences, smaller businesses remain especially vulnerable. Leskin points out that antivirus-heavy strategies are no longer viable on their own. “The priority for SMEs is to strengthen the fundamentals. Four measures stand out: strong access control, user-action monitoring, anti-phishing measures, and reliable backups,” he said.

    Backups are non-negotiable: “Even if malware succeeds in encrypting files and databases, recovery is still possible, turning a crisis into a temporary setback.”

    PromptLock’s ability to compromise multiple operating systems highlights a deeper challenge for endpoint protection. The best strategy, according to Leskin, is strict application control.

    “The most effective safeguard for organisations would be to strictly control what software can be installed and executed on endpoints,” he said. Only approved applications from corporate repositories should be allowed. BYOD cultures, where employees use personal laptops and smartphones, make this approach difficult. “Enterprises able to issue and manage all equipment — including corporate phones with enforced policies — should do so. Where this is not feasible, endpoint protection becomes effectively non-existent.”

    Surprisingly, Leskin believes large cloud and CDN providers face minimal risk from AI-powered DDoS attacks. “Large cloud and CDN providers are resilient enough and unlikely to be taken down,” he said. “In fact, for them such events may even drive short-term revenue.”

    The real burden falls on their customers, who may quickly hit capacity limits or face soaring bills. Smaller ISPs and CDN operators, meanwhile, are more exposed. “They will need to seek cybersecurity partnerships, expand capacity, or risk losing customers through deplatforming when attacks spill over,” Leskin cautioned.

    Information-sharing: awareness, not solutions

    While cyber threat intelligence (CTI) sharing is often touted as a solution, Leskin notes its limitations. “Information-sharing helps organisations at least become aware of emerging threats and attack vectors, which is valuable in itself. But coordinated threat intelligence has clear limits: practical defence strategies rarely transfer well between organisations with different infrastructures, products, and policies,” he said. For now, CTI serves mainly as early warning, not a direct line to ready-made solutions.

    With PromptLock built on open-source AI, questions inevitably arise about regulation and governance. Leskin is skeptical that bans or restrictions will work.

    “Attempts to restrict open-source models are unlikely to succeed. History shows it is nearly impossible to stop people from exchanging code, especially when some are willing to break the law to do so,” he said. “In practice, the Pandora’s box is already open and must be treated as such.”

    Instead, the focus must shift to resilience: encouraging information-sharing, publishing defensive guidelines, and fostering cross-industry collaboration. “It is too late to rely on bans; the more effective path is to strengthen defences,” Leskin concluded.

    The new normal

    PromptLock may be just the first of many AI-powered malware strains. Its polymorphic, adaptive design forces organisations to accept that antivirus-based security is no longer adequate. For businesses, the priority is now behavioural defences, resilient backups, strict access control, and pragmatic endpoint policies.

    For SMEs, that may feel like a steep climb — but as Leskin makes clear, it is the only way forward in a world where malicious AI is already rewriting the rules of cyber risk.





    @2025 copyright by Arabian Media Group