AI-generated malware poses little real-world threat, contrary to hype

In a recent disclosure, Google unveiled five malware samples generated through generative AI, revealing that their effectiveness is markedly inferior to that of conventional malware. This analysis underscores the fact that while the concept of AI in malicious software is intriguing, the actual execution remains far behind established methodologies, indicating that it is not currently a significant threat to real-world systems. One notable sample, named PromptLock, was part of an academic investigation aimed at evaluating the potential of large language models to autonomously orchestrate ransomware attacks. However, the findings highlighted substantial shortcomings, including a lack of persistence, lateral movement capabilities, and sophisticated evasion techniques. Researchers concluded that the sample primarily served as an illustration of the possibilities AI could offer, rather than a practical tool for cybercriminals. Before the study's publication, security company ESET labeled PromptLock as the first AI-driven ransomware. Nevertheless, Google’s assessment, which also included samples like FruitShell, PromptFlux, PromptSteal, and QuietVault, revealed that these malware variants were easily identifiable, even by basic endpoint protections that utilize static signatures. All samples relied on previously established strategies found in earlier malware, making them straightforward to counteract and posing no operational challenges that would necessitate new defensive measures. Kevin Beaumont, an independent researcher, remarked on the slow pace of threat development in the context of generative AI. He noted that after three years of advancements in this field, the progress in malware creation is disappointingly sluggish. He suggested that if individuals were compensating malware developers for their work, they would likely demand refunds, as the current output does not represent a credible threat. Another malware expert, who preferred to remain anonymous, concurred with Google’s findings, stating that generative AI has not provided any substantial advantage to malware creators relying on traditional techniques. "AI isn’t producing any more dangerous malware than what we've seen before; it merely assists malware authors in their work. It may improve over time, but predicting the extent and timing of that enhancement is uncertain," the expert added.