In context: Criminal organizations running ransomware operations are experimenting with new scare tactics to pressure victims into paying. Now, one particular group has taken it a step further, targeting AI training as a potential threat when it comes to commissioned artwork.

The Artists&Clients website was recently compromised by the LunaLock ransomware group, putting users at risk of a significant privacy breach if the company does not pay the ransom. Even more concerning, the criminals warned that the stolen content could be sold directly to "AI companies" for training large language models.

Artists&Clients presents itself as a platform where human artists can connect with potential clients and manage commissions, but explicitly excludes AI involvement. The site was hacked around August 30, when a threatening message appeared on its homepage.

The message confirmed that all files had been encrypted and the site breached, a standard tactic for ransomware attacks. The criminals demanded a payment in Bitcoin or Monero, starting at $50,000. They promised that, once paid, the data would be deleted and the files decrypted.

If the ransom is not paid, the criminals vow to leak the files and personal data. This could result in privacy violations and potential GDPR breaches in the EU. Additionally, the LunaLock gang explicitly claims that all the artwork stored on Artists&Clients' servers will be submitted to AI companies' training datasets.

LunaLock has not detailed how this submission would occur. In practice, the criminals could simply place an open database online, leaving it vulnerable to AI crawlers. According to security researcher Tammy Harper, this is the first known instance of a ransomware group explicitly using AI training as a threat to extort victims.

The Artists&Clients website is currently offline, and users are understandably concerned about the potential consequences of the breach. Hackers could have access to artwork, client messages, and even payment information. So far, the platform has issued no official statement regarding the incident. Harper noted that LunaLock's scare tactic could be particularly effective on creators, many of whom are strongly opposed to their work being used for AI training without compensation.