AI malware could beat Microsoft Defender up to 8 percent of the time

Generative “AI” isn’t just useful for stealing from artists and writers—it’s also giving malware a boost in its ability to iterate and spread. According to hackers at this year’s upcoming Black Hat conference, some of the newest stuff can defeat Microsoft Defender (the default security suite for a billion or two Windows machines) up to 8 percent of the time.

Dark Reading (via Tom’s Hardware) reports that a security researcher will present the system at the Black Hat security conference in Las Vegas next month. (Black Hat Briefings are ostensibly legitimate, not actually criminal, though Wikipedia reports that the presence of genuine hackers has resulted in “antics.”) Kyle Avery of Outflank will reportedly show off a lightweight language model designed specifically to evade Microsoft Defender, the free built-in security for Windows 10 and Windows 11.

Eight percent might not seem alarming, and it’s not as if this would be the first time Defender was defeated. But it would be a huge leap forward in AI-powered malware’s core capability, an order of magnitude more reliably dangerous than the malware you can “vibe code” with current models. But expand that to 1.4 billion active Windows machines in the world, and power it up by the scale that AI-powered automation software could enable, and it suddenly becomes a lot more serious. Let’s say that this yet-to-be-detailed system was deployed at a large enough scale to access one in every 10 of those machines. That’s an audience of 140 million, resulting in over 11 million PCs compromised.

The system is built on an open-source language model and trained on data for $1,500 over three months, according to its designer. If true, that’s a trivially small amount of time and money for the result. A “build your own black hat AI hacker” kit could be distributed easily, in the same way that current plug-and-play malware is passed around.

The fact that Avery will present his findings at a security conference means Microsoft should have some time to work around it, to identify and mitigate its most threatening components. I hope Redmond has enough people left after its recent massive layoffs to pay attention in Las Vegas.