DeepSeek V4 Generates Functional Browser-Based Ransomware In Tests Check Point Research demonstrated that DeepSeek V4 can generate functional browser-based ransomware code when prompted with neutral language, bypassing explicit safety filters. The proof-of-concept attack chain uses standard Chromium APIs to encrypt files and display an extortion note without requiring an app install or browser exploit. This finding highlights how weaker safety filtering in general-purpose chatbots can lower the technical barrier for creating working malware. Check Point Research's latest finding matters less because of DeepSeek specifically and more because it demonstrates, in a documented case, that a general-purpose chatbot can independently bridge the gap between a theoretical browser-ransomware concept and a working attack chain, without an attacker needing deep technical skill. In direct testing, DeepSeek V4 refused prompts that explicitly used the word ransomware, but consistently produced functional, browser-based ransomware code when researchers used neutral wording instead. Check Point validated the technique by building a proof-of-concept disguised as an AI Avatar Enhancer image tool that uses the standard Chromium File System Access API to request folder access, then silently reads, exfiltrates, encrypts, and overwrites a victim's files before displaying an extortion note, all without an app install, browser exploit, or root access. Researchers said DeepSeek's comparatively weak safety filtering let a single broad prompt produce malicious code that would take multiple manual steps to assemble using other models' guardrails.