Check Point Research (CPR), the threat intelligence arm of cybersecurity solutions pioneer and global leader Check Point Software Technologies Ltd. (NASDAQ: CHKP), has discovered and published analysis of a malware sample generated by DeepSeek.
This sample demonstrated how an AI model autonomously connected theoretical browser risks with a functional ransomware technique. The ransomware operates entirely within the browser, requiring no exploits, app installations, or technical expertise from the attacker.
KEY FIGURES
This marks the first instance of a frontier AI model autonomously linking a theoretically existing browser-specific ransomware risk with a practical, functional attack chain. This newly surfaced attack vector was previously considered impossible by defense experts due to the constraints of browser sandboxes. Expertise is no longer a bottleneck in discovering new attack vectors. In response to these changes, defenders must prepare before threat actors begin widespread exploitation.
AI 'Considers' Instead of Human Attackers
While analyzing approximately 3,000 files on public telemetry data believed to originate from DeepSeek, researchers found a Python Flask application. At first glance, it appeared to be a typical AI hallucination, attempting to cram features like keylogging, credential theft, webcam capture, and a ransomware demand overlay into a single webpage, most of which would be rejected by the browser. However, hidden within the noise was one accurately functioning element: a feature called showDirectoryPicker(). This is a legitimate browser API that allows a webpage to read, modify, and exfiltrate files from a user-selected folder. Even users without specialized knowledge can obtain a prototype by simply describing malicious intent in plain language, making actual platform features they didn't even know existed work for malicious purposes.
From Hallucination to Fully Functional Proof of Concept (PoC)
CPR built and validated a proof of concept (PoC) for this technique in a controlled environment. They used a fake AI photo enhancement tool, "AI Avatar Enhancer," which had the capability to encrypt images within a selected directory using the File System Access API. In tests against DeepSeek V4, the model refused when the word "ransomware" was used directly. However, when neutral phrasing was used, it consistently generated code that functioned as browser-based ransomware. In one response, the model itself described its output as "a clever trap combining a convincing AI upscaler interface with hidden ransomware-like behavior." This workflow functions with a single permission prompt, requiring no APK installation, native payload, browser exploit, or root access.
Android Mobile Users Most at Risk
Chrome 132 introduced full support for the File System Access API for Android. Testing in Chrome 148 confirmed that webpages can request access to the DCIM folder. This folder typically stores years of private photos, scans of identification documents, bank transaction screenshots, medical records, recovery codes, and travel documents. Notably, iOS Safari does not expose the same API, so the aforementioned exploitation method does not apply.
Loss of access to data within this DCIM folder, or its exfiltration, can lead to serious personal or professional problems, ranging from ransomware to blackmail. If the data contains sensitive information, it could also lead to reputational damage if leaked.
Major AI vendors like Anthropic and OpenAI consistently refuse requests related to ransomware, credential theft, and malware implementation. DeepSeek, on the other hand, is less consistent in its responses, is free, and accessible to a broad user base. Tests showed that a single, broad prompt generated a fully functional malicious application. With other models, similar generation would require manual assembly across multiple requests. DeepSeek's low barrier to entry attracts threat actors with limited technical skills.
Recommended Countermeasures
Discovering new attack vectors traditionally required domain knowledge and human creative thinking. AI is fundamentally changing this. Malware generated by AI in the manner described above could transform the threat landscape from one of limited, repeatedly used techniques to one of mass disposable, one-off artifacts, each with unique technical combinations. AI is no longer just used to reimplement existing techniques; it is bridging the gap, turning purely theoretical risks into functional new attacks in ways defenders have never seen.
To stay safe in this new landscape, the following measures are recommended:
Treat browser folder access permission prompts as high-risk security decisions: Verify, for all prompts, the site requesting permission, the folder selected, and whether write access is truly necessary.
Do not allow website access to specific directories: Avoid granting access to main photo libraries, DCIM, or directories containing identification documents, recovery codes, or bank screenshots.
Be cautious with AI-fronted tools and services: For high-value tasks like avatar upscalers and photo enhancement tools, prioritize reputable native apps or established cloud services.
Maintain regular backups: Regularly back up data both offline and in the cloud to ensure encrypted files are not the only copy.
Keep browsers and mobile OS up to date: Along with this, organizations should leverage security solutions that identify and block malicious sites, addressing suspicious permission prompts before they appear.
Eli Smadja, Head of Research at Check Point Research, stated:
"We are witnessing a fundamental shift in how new cyberattacks are born. CPR has now confirmed for the first time that an AI model autonomously reasoned through legitimate platform functions and turned an attack technique, previously only theorized by humans, into something functional. The attacker can achieve this without even knowing the underlying API exists. The barrier to executing complex attacks is crumbling. This has profound implications for organizations integrating AI into their workflows, and for all mobile users who store all their personal and professional information in their photo library. The future of AI security cannot rely solely on expecting models to refuse obviously malicious requests. We must prepare for a reality where new attack techniques emerge not from human researchers, but as a single, serendipitous correct answer within AI hallucinations. Organizations need to prepare for this new reality by strengthening their delivery layers, rethinking permission-based trust, and treating every browser prompt as a security decision. By starting these measures now, they can maintain an advantage over other organizations."
This press release is based on a blog post published on July 1, 2026, US time.
About Check Point Research
Check Point Research provides market-leading intelligence about the cyber threat landscape, transforming the threat intelligence into security solutions. It serves the Check Point customers, the global threat research community, and the industry at large. The research is driven by the Check Point ThreatCloud AI, the industry's largest cloud-based threat intelligence network, providing real-time protection to hundreds of thousands of organizations worldwide. Check Point Research is comprised of more than 100 analysts and researchers, working with leading cybersecurity vendors, law enforcement, and CERTs.
Blog: https://research.checkpoint.com/
X: https://x.com/_cpresearch_
About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading provider of cyber security solutions to governments and enterprises globally. It protects customers from 4 generations of advanced cyber threats that enableאת the theft of sensitive data, disruption of critical services and loss of IT assets. Check Point is the only vendor to provide open, decentralized security across the entire IT infrastructure, including: network, endpoint, cloud, mobile and more. Check Point protects over 100,000 organizations of all sizes. Check Point Software Technologies Ltd. is a wholly owned subsidiary of Check Point Software Technologies Inc. (NASDAQ: CHKP). The Japanese subsidiary, Check Point Software Technologies Co., Ltd. (https://www.checkpoint.com/jp/), was established on October 1, 1997, and is based in Minato-ku, Tokyo.
Social Media Accounts
・Check Point Blog: https://blog.checkpoint.com
・Check Point Research Blog: https://research.checkpoint.com/
・YouTube: https://youtube.com/user/CPGlobal
・LinkedIn: https://www.linkedin.com/company/check-point-software-technologies/
・X: https://x.com/checkpointjapan
・Facebook: https://www.facebook.com/checkpointjapan
Legal Notice Regarding Forward-Looking Statements
This press release contains forward-looking statements. Forward-looking statements generally relate to future events or our future financial or operating performance. In some cases, you can identify forward-looking statements by terminology such as "may", "will", "should", "expects", "plans", "anticipates", "could", "intends", "subject to", "believes", "estimate", "predict", "potential", or "continue", or the negative of such terms or other comparable terminology. These forward-looking statements include, but are not limited to, statements regarding our outlook on Check Point's products and solutions, future growth, expanding industry leadership, increasing shareholder value, and our vision for delivering the world's leading cybersecurity platform to customers worldwide. The realization of our expectations and beliefs regarding these matters could be affected by a number of risks and uncertainties, and consequently, actual results or events could differ materially from those projected in the forward-looking statements. These risks and uncertainties include, but are not limited to, those described in our filings with the U.S. Securities and Exchange Commission, including our Annual Report on Form 20-F filed with the SEC on March 31, 2026. The forward-looking statements contained in this press release are based on information available to Check Point as of the date hereof, and Check Point does not undertake any obligation to update forward-looking statements, unless required by law.
Media Contact
Check Point Public Relations Office (c/o NEXT PR LLC)
Tel: 03-4405-9537 Fax: 03-6739-3934
E-mail: checkpointPR@next-pr.co.jp
FACT BOX
- Source: PR TIMES
- Category: 技術News
- Organizations: Check Point Research / DeepSeek / Anthropic