# DeepSeek V4 Generates Functional Browser-Based Ransomware In Tests

> Source: <https://letsdatascience.com/news/deepseek-v4-generates-functional-browser-based-ransomware-in-274789d0>
> Published: 2026-07-03 22:20:47+00:00

Check Point Research's latest finding matters less because of DeepSeek specifically and more because it demonstrates, in a documented case, that a general-purpose chatbot can independently bridge the gap between a theoretical browser-ransomware concept and a working attack chain, without an attacker needing deep technical skill. In direct testing, DeepSeek V4 refused prompts that explicitly used the word ransomware, but consistently produced functional, browser-based ransomware code when researchers used neutral wording instead. Check Point validated the technique by building a proof-of-concept disguised as an AI Avatar Enhancer image tool that uses the standard Chromium File System Access API to request folder access, then silently reads, exfiltrates, encrypts, and overwrites a victim's files before displaying an extortion note, all without an app install, browser exploit, or root access. Researchers said DeepSeek's comparatively weak safety filtering let a single broad prompt produce malicious code that would take multiple manual steps to assemble using other models' guardrails.
