Arctic Wolf Labs analyzed over 22,000 AI‑assisted malware samples to measure how broadly threat actors have adopted AI. While AI is accelerating malware development, the core behaviors needed for execution, persistence, and C2 remain detectable with layered defenses.

Alongside the extensive DeepSeek fingerprints, we observed a high degree of novelty in the dataset. Approximately 39% of analyzed samples had zero detections by signature‑based antivirus engines at the time of collection, evidence that AI-assisted development is producing code with no existing signature fingerprint. When we examined attribution separately, only 1.4% of AI‑assisted samples mapped to known threat groups, showing that the surge in new malware is being driven largely by unknown or lower‑skill actors, not mature clusters; expanding volume more than sophistication.

  • Brkdncr@lemmy.worldOPEnglish
    2·
    2 days ago

    obviously this is marketing for arctic wolf, but their research and the information they provide in the blog post is interesting. Their EDR platform they talk about used to be Cylance, which they bought off of BlackBerry. Honestly BlackBerry fumbled that product after they bought it.