{"id":8609,"date":"2026-06-26T16:27:02","date_gmt":"2026-06-26T16:27:02","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=8609"},"modified":"2026-06-26T16:27:02","modified_gmt":"2026-06-26T16:27:02","slug":"malware-authors-subvert-ai-detection-systems","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=8609","title":{"rendered":"Malware authors subvert AI detection systems"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

Enterprises that have turned to AI in order to boost their security defenses may have to reconsider their approach.<\/p>\n

Malware containing code that commands LLM-assisted products to abort their analysis or refuse to implement it is already circulating, according to a post<\/a> from security company SentinelLabs.<\/p>\n

SentinelLabs thinks it knows who\u2019s responsible for the malware, which attacks MacOS systems. \u201cApple\u2019s XProtect detects the sample under the rule MACOS_BONZAI_COBUCH, and SentinelLabs associates the BONZAI signature family with North Korean threat activity,\u201d the company wrote.<\/p>\n

It\u2019s calling the malware macOS.Gaslight.<\/p>\n

This is not the first example of malware specifically targeting AI-generated analysis. As SentinelLabs noted, Checkpoint first documented such an approach<\/a> exactly a year ago. And Socket followed suit with a report of a payload<\/a> that also used code to evade detection by AI models.<\/p>\n

This new generation of threats was mentioned in the OPSWAT report, The State of File Security<\/a> and cybersecurity experts are warning<\/a> that AI-supported protection is not always the answer.<\/p>\n

SentinelLabs would certainly agree with that view. \u201cAs LLM-assisted analysis<\/a> becomes routine, defenders should expect more samples built to exploit it,\u201d it wrote.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

Enterprises that have turned to AI in order to boost their security defenses may have to reconsider their approach. Malware containing code that commands LLM-assisted products to abort their analysis or refuse to implement it is already circulating, according to a post from security company SentinelLabs. SentinelLabs thinks it knows who\u2019s responsible for the malware, […]<\/p>\n","protected":false},"author":0,"featured_media":8610,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-8609","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8609"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8609"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8609\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/8610"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8609"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8609"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8609"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}