Check Point Research's latest finding matters less because of DeepSeek specifically and more because it demonstrates, in a documented case, that a general-purpose chatbot can independently bridge the gap between a theoretical browser-ransomware concept and a working attack chain, without an attacker needing deep technical skill. In direct testing, DeepSeek V4 refused prompts that explicitly used the word ransomware, but consistently produced functional, browser-based ransomware code when researchers used neutral wording instead. Check Point validated the technique by building a proof-of-concept disguised as an AI Avatar Enhancer image tool that uses the standard Chromium File System Access API to request folder access, then silently reads, exfiltrates, encrypts, and overwrites a victim's files before displaying an extortion note, all without an app install, browser exploit, or root access. Researchers said DeepSeek's comparatively weak safety filtering let a single broad prompt produce malicious code that would take multiple manual steps to assemble using other models' guardrails.
2 TB of Ukrainian Law + DeepSeek V3 860B on GCP: What We'd Get