Malware authors subvert AI detection systems – csoonline.com


Enterprises that have turned to AI in order to boost their security defenses may have to reconsider their approach.
Malware containing code that commands LLM-assisted products to abort their analysis or refuse to implement it is already circulating, according to a post from security company SentinelLabs.
SentinelLabs thinks it knows who’s responsible for the malware, which attacks macOS systems. “Apple’s XProtect detects the sample under the rule MACOS_BONZAI_COBUCH, and SentinelLabs associates the BONZAI signature family with North Korean threat activity,” the company wrote.
It’s calling the malware macOS.Gaslight.
This is not the first example of malware specifically targeting AI-generated analysis. As SentinelLabs noted, Check Point first documented such an approach exactly a year ago. And Socket followed suit with a report of a payload that also used code to evade detection by AI models.
This new generation of threats was mentioned in the OPSWAT report, The State of File Security, and cybersecurity experts are warning that AI-supported protection is not always the answer.
SentinelLabs would certainly agree with that view. “As LLM-assisted analysis becomes routine, defenders should expect more samples built to exploit it,” it wrote.

Maxwell began writing about technology in 1984, when mainframes ruled the world. Since then he has written for just about every business computing title in the UK, and for a few in the US, covering everything from Artificial intelligence to Zero-day exploits and all points in between. He has also been editor-in-chief of several award-winning titles, including Network Week, Techworld, and Cloud Pro, and a regular contributor to Whatsonstage.com. In his spare time he coaches a junior rugby team.
