
Latest news with #MicrosoftDefender.

Microsoft says its new AI Agent can spot and block malware on its own

India Today

7 days ago


Microsoft has unveiled a new artificial intelligence system that can independently detect and block malware, without any human assistance. Called Project Ire, this prototype agent is designed to reverse-engineer software files and determine whether they are safe or harmful, marking a major step forward in cybersecurity. According to Microsoft's blog post, Project Ire can fully analyse a software file even if it has no prior information about the file's source or purpose. It uses decompilers and other advanced tools to scan the code, understand its behaviour, and decide whether it poses a risk. The tool is the result of a joint effort between Microsoft Research, Microsoft Defender Research, and Microsoft Discovery &

kind of work has traditionally been done manually by expert analysts, which can be slow and exhausting,' Microsoft explained. Security researchers often suffer from alert fatigue and burnout, making it hard to maintain consistency across large-scale malware

Ire stands out from other AI security tools because malware classification is particularly difficult to automate. There is no clear-cut way for a machine to verify its decisions, and many traits of malicious software can also appear in legitimate programs. This makes it hard to train a system that is both accurate and reliable. To tackle this, Microsoft equipped Project Ire with a system that builds what it calls a 'chain of evidence', a step-by-step trace showing how the agent reached its conclusion. This audit trail allows human experts to later verify its findings and improves accountability in case of

Ire's analysis begins with triaging the file type and structure, then reconstructing its control flow using tools like Ghidra and angr. It can then call different tools through an API to summarise each code function, adding the results to its evidence

tested the agent in two key evaluations. In one trial, it analysed a dataset of Windows drivers, some malicious, others safe. The AI correctly identified 90 per cent of the files, with only 2 per cent of the safe files wrongly flagged as threats. This gave Project Ire a precision score of 0.98 and a recall of

a tougher real-world test, Microsoft gave the AI nearly 4,000 complex files that had not yet been reviewed by any other automated systems. These files were meant for manual inspection by experts. Even under these conditions, Project Ire achieved a high precision score of 0.89, with a false positive rate of just 4 per cent.

In fact, Project Ire was the first reverse engineer, human or machine, at Microsoft to produce a malware detection case strong enough to justify automatic blocking of an advanced persistent threat (APT) sample. That malware has now been neutralised by Microsoft Defender.
