Is The SOC Obsolete, And We Just Haven't Admitted It Yet?
Briefly

"In late 2025, Google's Threat Intelligence Group confirmed that cybercriminals are already deploying AI‑powered malware that rewrites and adapts its own code during execution, marking a watershed shift in offensive capabilities. One notable example, PROMPTFLUX, uses real‑time interaction with Google's Gemini model to dynamically regenerate its VBScript payload to evade detection and persistence mechanisms mid‑attack - a level of autonomous adaptation unseen in conventional malware families."
Security Operations Centers have long relied on continuous human monitoring, alert triage, and incident investigation. Modern SOC workflows remain largely human-centric: analysts pivot between tools, enrich alerts manually, and validate detection rules by hand. Vendors market "AI SOC" capabilities such as autonomous investigations and proactive response, but these outcomes often remain aspirational. Evidence from practitioner and community research indicates that AI can assist analysts but rarely replaces human effort or autonomously resolves incidents, largely because it lacks the contextual understanding an investigation requires. Meanwhile, attackers operate at machine speed, including with AI-powered malware that rewrites and adapts its code during execution to evade detection and persistence mechanisms. Examples include malware that regenerates its payload in real time using external AI models.
Read at SecurityWeek