Artificial intelligence-driven malware evades Microsoft Defender's security scrutiny approximately 8% of the time, following a mere 3 months of training and reinforcement learning at a cost of roughly $1,600.
In a groundbreaking development, AI-generated malware has demonstrated a notable ability to bypass Microsoft Defender for Endpoint, achieving success about 8% of the time. This breakthrough was led by Kyle Avery, principal offensive specialist at cybersecurity firm Outflank, who spent roughly three months and $1,500 training an open-source language model to evade Defender’s security measures effectively.
Avery's approach, which involved incorporating API querying and feedback from Defender's alerts to iteratively refine the AI’s outputs, proved to be significantly more effective than other AI models. Anthropic’s AI and DeepSeek’s model manage to bypass Microsoft Defender less than 1% and around 0.5-1.1% of the time, respectively.
The essence of Avery’s method involved making the generated malware less likely to trigger detection by using an API to query and retrieve alerts, and then using reinforcement learning to refine the AI’s outputs. This iterative feedback loop played a crucial role in enhancing the malware's evasion capabilities.
Researchers like DeepSeek, a cybersecurity company focused on analyzing AI's impact on threats, have also been exploring how AI can be harnessed in cyber offense and defense. Their AI models currently show lower evasion rates but point to a rising trend in attacker sophistication powered by AI.
These advancements, slated for public demonstration at Black Hat 2025, signal a warning for the cybersecurity community: AI-powered malware will become more capable and efficient with additional resources, computing power, and training time. Defense tools will have to adapt quickly to counteract these evolving threats.
In summary:
| Researcher / Model | Bypass Rate vs Microsoft Defender | Notes |
|------------------------|----------------------------------|--------------------------------------------|
| Kyle Avery (Outflank) | ~8% | Trained Qwen 2.5 LLM with reinforcement learning; $1,500 investment over 3 months |
| Anthropic AI | <1% | Less effective at bypass |
| DeepSeek | ~0.5-1.1% | Lower bypass success but indicative of trend |
The key takeaway is that AI-generated malware is becoming substantially more effective at evading endpoint security like Microsoft Defender, albeit still far from perfect. As AI capabilities grow, so too will the cybersecurity arms race between attackers and defenders.
The success of AI-driven malware could lead companies like Microsoft to upgrade their security solutions in response to increasingly sophisticated AI scams and malware. At this point, companies have no choice but to respond to the growing threat of AI-driven malware.
Creative hackers have already found ways to bypass sophisticated security systems, including lowering ChatGPT's guardrails to generate valid Windows 10 activation keys. As AI technology continues to advance, it is expected that both attackers and defenders will continue to innovate and adapt their strategies.
- The groundbreaking development in AI-generated malware has demonstrated an ability to bypass Microsoft Defender for Endpoint approximately 8% of the time.
- Kyle Avery, from cybersecurity firm Outflank, spent three months and $1,500 to train an open-source language model to evade Defender's security measures effectively.
- The expansion of AI's impact on threats is being studied by researchers like DeepSeek, a company focused on analyzing AI in cyber offense and defense.
- At Black Hat 2025, AI-powered malware evasion capabilities are expected to be demonstrated, signaling a warning for the cybersecurity community.
- Companies like Microsoft may respond to the growing threat of AI-driven malware by upgrading their security solutions to counter increasingly sophisticated AI scams and malware.
- As AI technology advances, both attackers and defenders are expected to continue innovating and adapting their strategies; creative hackers have already lowered ChatGPT's guardrails to generate valid Windows 10 activation keys.