Skip to content
AI Security Wire

file-system-access-api

img of Browser-Only Ransomware Exploits LLM Hallucinations and File System API
5 min read
News Brief

Check Point Research demonstrates a complete browser-based ransomware chain requiring no native payload or installation. A fake AI enhancement tool tricks users into granting File System Access API permissions, then enumerates, exfiltrates, and encrypts local files entirely within the browser. DeepSeek showed significantly weaker resistance to generating this technique than OpenAI or Anthropic models.