Artificial Intelligence malware manages to bypass Microsoft Defender, as demonstrated by an open-source language model that eludes the security tool approximately 8% of the time after undergoing three months of training.
The cybersecurity industry is undergoing a significant transformation, with artificial intelligence (AI) being heralded as a game-changer for the security landscape. This shift was recently demonstrated by Outflank, a red team of experienced professionals who specialize in assessing resilience against advanced threats and training security teams for enhanced incident response.
Researchers from Outflank have developed an AI malware that can bypass Microsoft Defender, a concern that highlights the evolving nature of cyber threats. According to their findings, this malware can bypass Defender about 8% of the time, a performance that compares favorably to other models. For instance, Anthropic's AI and DeepSeek's can do the same less than 1% and less than 0.5% of the time, respectively.
The potential exists for cybercriminals with a surplus of GPUs to improve the performance of AI malware like the one developed by Outflank. As machine learning researchers have been using reinforcement learning since the '90s to improve the effectiveness of their models, it is possible that these malicious actors could devote more time and money to this pursuit.
However, it's important to note that one person falling for a social engineering attack is still enough to disrupt a company's operations. The concern about 'vibe hacking' is less significant compared to these issues.
The effectiveness of Microsoft Defender is expected to improve over time to counter AI malware like the one developed by Outflank. This improvement is crucial, as the effectiveness of models like the one developed by Outflank is expected to improve over time as well.
In August 2025, the AI malware developed by Outflank will be showcased at Black Hat, a prominent cybersecurity event. The details of the malware's creation are known, with Kyle Avery, Outflank's principal offensive specialist lead, training an open-source Qwen 2.5 LLM to bypass Microsoft Defender, spending three months and approximately $1,500.
It's worth mentioning that there are no publicly available details identifying a specific person who developed AI-based malware successfully working against Microsoft Defender in 2023 and 2024. Known threat actors like the group Storm-0501 have evolved ransomware tactics targeting Microsoft environments, but no individual developer or affiliated sub-company has been named in association with AI-based malware for these years.
In a related development, Microsoft Notepad now supports Markdown, a lightweight markup language that allows for the formatting of text using a plain-text syntax. This update could potentially aid in the creation and analysis of AI malware.
Finally, it's important to remember that while AI malware poses a significant threat, it also offers opportunities for cybersecurity professionals to stay ahead of the curve and develop more robust defenses. The cat-and-mouse game between attackers and defenders continues, and the stakes have never been higher.
