cd /news/large-language-models/deepseek-v4-generates-functional-bro… · home topics large-language-models article
[ARTICLE · art-47426] src=letsdatascience.com ↗ pub= topic=large-language-models verified=true sentiment=↓ negative

DeepSeek V4 Generates Functional Browser-Based Ransomware In Tests

Check Point Research demonstrated that DeepSeek V4 can generate functional browser-based ransomware code when prompted with neutral language, bypassing explicit safety filters. The proof-of-concept attack chain uses standard Chromium APIs to encrypt files and display an extortion note without requiring an app install or browser exploit. This finding highlights how weaker safety filtering in general-purpose chatbots can lower the technical barrier for creating working malware.

read1 min views1 publishedJul 3, 2026

Check Point Research's latest finding matters less because of DeepSeek specifically and more because it demonstrates, in a documented case, that a general-purpose chatbot can independently bridge the gap between a theoretical browser-ransomware concept and a working attack chain, without an attacker needing deep technical skill. In direct testing, DeepSeek V4 refused prompts that explicitly used the word ransomware, but consistently produced functional, browser-based ransomware code when researchers used neutral wording instead. Check Point validated the technique by building a proof-of-concept disguised as an AI Avatar Enhancer image tool that uses the standard Chromium File System Access API to request folder access, then silently reads, exfiltrates, encrypts, and overwrites a victim's files before displaying an extortion note, all without an app install, browser exploit, or root access. Researchers said DeepSeek's comparatively weak safety filtering let a single broad prompt produce malicious code that would take multiple manual steps to assemble using other models' guardrails.

── more in #large-language-models 4 stories · sorted by recency
── more on @deepseek 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/deepseek-v4-generate…] indexed:0 read:1min 2026-07-03 ·