Microsoft unveils AI agent that can autonomously detect malware

Illustration: Aïda Amer/Axios
Microsoft unveiled a prototype for a new, fully autonomous AI agent today that can automate the biggest hurdles in detecting malware.
Why it matters: The tool is a breakthrough for cyber defenders, who spend hours studying and assessing suspicious files on their networks.
Zoom in: Microsoft's new Project Ire can analyze and classify software "without assistance," according to a blog post published Tuesday.
- That analysis and classification is the "gold standard" for malware detection, the blog adds.
Context: Typical malware detection relies on a skilled analyst who can take a potentially tainted software file and pick it apart until they uncover its origins.
- This can take hours and be taxing for analysts, who might have to dig through hundreds of files to see if they're malicious.
- But automating this task is incredibly difficult: AI struggles to make nuanced judgment calls about a program's intent or maliciousness, especially when its behavior is ambiguous or dual use.
Between the lines: Project Ire is combating those limitations in a couple of ways.
- First, the agent runs on a system that breaks malware analysis into different layers, so the tool reasons in stages rather than risking overload by trying to do everything at once.
- Second, the agent draws on a wide range of tools, including Microsoft memory analysis sandboxes, custom and open-source tools, documentation search, and multiple decompilers.
The intrigue: During a real-world test of Project Ire on nearly 4,000 files flagged by Microsoft Defender, nearly 9 out of 10 files that the agent flagged as malicious were actually malicious.
Yes, but: Project Ire caught only about a quarter of all malicious files on the system in the test.
- "While overall performance was moderate, this combination of accuracy and a low error rate suggests real potential for future deployment," Microsoft noted in the post.
The big picture: This is likely just the start of advances in AI agents for cybersecurity.
- Google started previewing a similar malware analysis agent earlier this year.
What's next: Microsoft plans to integrate Project Ire into Microsoft Defender to help "scale the system's speed and accuracy."
