Skynet? Not Quite -But Closer Than You'd Think

 

AI‑Native Malware: The Emerging Reality Behind Adaptive Cyber Threats

As AI becomes woven into everyday tools and workflows, the cyber threat landscape is evolving alongside it. One of the most significant shifts is the emergence of AI‑native malware malicious software that doesn’t just use AI during development but actively integrates AI models into its runtime behaviour.

This isn’t science fiction anymore. While we’re not facing a fully autonomous “Skynet” scenario, recent discoveries show that adaptive, AI‑driven malware is already operating in the wild. The question is no longer if AI‑native malware will exist, but how quickly it will mature and what that means for defenders.

 What Makes Malware “AI‑Native”?

AI‑Assisted Malware

Traditional malware created with help from AI tools such as LLMs. Attackers may use AI to:

• Write phishing content

• Generate exploit code

• Speed up reconnaissance

But the malware itself behaves conventionally.

This aligns with Recorded Future’s AI Malware Maturity Model (AIM3):

(https://www.recordedfuture.com/blog/ai-malware-maturity-modelAI‑Native Malware)

Malware that:

• Uses AI models during execution

• Generates commands or code dynamically

• Adapts to the victim environment

• Alters behaviour without redeployment

This corresponds to AIM3 Levels 3–4, where AI becomes part of the operational kill chain.

 

Real‑World AI‑Native Threats Identified in the Last 12 Months

1. LAMEHUG (PROMPTSTEAL) AI‑Driven Command Generation

LAMEHUG is one of the first publicly documented malware families to integrate an LLM directly into its attack chain. Attributed to APT28, it uses the Hugging Face API to query the Qwen 2.5‑Coder‑32B‑Instruct model during execution.

It:

• Analyses the victim’s environment

• Sends prompts to the LLM

• Receives dynamically generated Windows commands for reconnaissance and data theft

References:

Splunk STRT analysis:

(https://www.splunk.com/en_us/blog/security/lamehug-ai-powered-malware-analysis.html)

BleepingComputer coverage:

(https://www.bleepingcomputer.com/news/security/apt28-malware-uses-ai-to-generate-windows-commands/ )

 

2. PROMPTFLUX AI‑Powered Self‑Rewriting Malware

PROMPTFLUX is a VBScript dropper identified by Google’s Threat Intelligence Group (GTIG). Its standout feature is a component called “Thinking Robot”, which interacts with the Gemini API to rewrite its own code.

Key behaviours:

• Requests new obfuscated versions of itself

• Regenerates code as often as every hour

• Drops new variants into the Windows Startup folder

This represents AI‑driven polymorphism, far more dynamic than traditional mutation engines.

References:

Google Threat Intelligence Group report:

(https://blog.google/threat-analysis-group/ai-powered-threat-evolution/)

The Register summary:

(https://www.theregister.com/2025/01/14/google_ai_malware_promptflux/)

 

3. S1ngularity Supply‑Chain Attack Using AI Tools for Secret Discovery

The S1ngularity incident involved malicious npm packages published after attackers exploited a vulnerable GitHub Actions workflow in the Nx project.

Important clarifications:

• The GitHub Actions vulnerability was exploited manually, not by AI.

• The malicious packages used local AI CLI tools (Claude, Gemini, Q) to search for and extract secrets from infected systems.

• AI was used for post‑exploitation data discovery, not autonomous exploitation.

This still qualifies as AI‑native behaviour because the malware invoked AI tools at runtime.

References:

Wiz Research deep‑dive:

(https://www.wiz.io/blog/s1ngularity-npm-supply-chain-attack)

Nx Security Incident Postmortem:

(https:/nx.dev/blog/security-incident-analysis)

SecurityWeek coverage:

(https://www.securityweek.com/malicious-npm-packages-abused-ai-tools-to-steal-secrets/)

 

Why This Still Isn’t “Skynet”

1. API Dependency

Most AI‑native malware relies on external LLM APIs (Hugging Face, Gemini, OpenAI).

This creates:

• Detectable outbound traffic

• A single point of failure

• Opportunities for defenders to block or monitor LLM usage

Reference:

Google TAG

(https://blog.google/threat-analysis-group/ai-powered-threat-evolution/)

 

2. Human‑in‑the‑Loop Reality

Even advanced AI‑assisted operations documented by major vendors still require human oversight for:

• Prompt engineering

• Target selection

• Escalation decisions

We are not yet at fully autonomous AIM3 Level 5 operations.

Reference:

Google Blog

(https://blog.google/threat-analysis-group/ai-threat-landscape/ )

 

 

3. AI Is a Force Multiplier, Not a New Class of Super‑Malware

Current AI‑native threats:

• Accelerate existing attack chains

• Improve adaptability

• Lower the skill barrier

But they do not yet represent a fundamentally new, unstoppable threat category.

Reference:

Techcrunch.com

(https://techcrunch.com/2025/01/15/google-warns-ai-is-being-used-in-malware/)

 

What This Means for Defenders

1. AI Governance

Policies for internal AI usage reduce the risk of shadow AI and exposed API keys.

2. AI Usage Detection

Monitor for suspicious outbound LLM API calls, including to:

• Hugging Face

• Gemini

• OpenAI

3. Behaviour‑Based Detection

AI‑driven polymorphism makes signature‑based AV increasingly ineffective.

Prioritise:

•   EDR/XDR

•   Behavioural analytics

•  Network‑level AI‑usage monitoring

 

Conclusion

AI‑native malware is no longer theoretical. Early examples like LAMEHUG and PROMPTFLUX show how attackers are already integrating AI models into malware to increase adaptability, stealth, and operational flexibility.

We are still some distance from fully autonomous AI‑driven cyber threats but the foundations are being laid now. Organisations must prepare for a rapidly evolving threat landscape where AI is not just a tool for attackers, but an active component of the malware itself.