Software developers have widely adopted “artificial intelligence” language models for code generation, reaping significant productivity benefits alongside some concerning consequences. Unsurprisingly, hackers and malware authors are following suit.
Recent reports indicate that several active malware attacks have involved code that is at least partially generated by AI. BleepingComputer highlights various incidents where suspected AI-written code was utilized, with findings from Proofpoint and HP suggesting that these tools have lowered the technical barriers typically associated with large-scale malware development—essentially democratizing hacking.
The attacks have employed relatively simple vectors such as HTML, VBScript, and JavaScript, resulting in broader, less targeted malware. This approach proves most effective when concealed within ZIP files or other conventional delivery methods.
Power users have long been cautious about such threats, and rightly so, given the history of similar attacks that predate AI technology. More complex and targeted attacks, like the recent PKfail incident, likely remain out of reach for this kind of AI-generated code for now.
However, the potential for simpler attacks to proliferate among web users is a growing concern. This situation demands heightened vigilance, especially among Windows users, and underscores the importance of robust virus and malware protection.
My primary worry lies in the combination of skilled malware developers leveraging AI generation tools. While training AI to write sophisticated code may be challenging, a talented developer can use AI to streamline their processes, significantly boosting their efficiency. As always, keep your antivirus scanners updated and avoid downloading files from untrusted sources.