Search papers, labs, and topics across Lattice.
This study introduces an experimental framework designed to evaluate the offensive capabilities of AI-generated PowerShell malware, utilizing a novel sandbox approach for dynamic analysis. By creating a curated dataset of real-world PowerShell malware annotated in natural language, the research facilitates the training and evaluation of language models in the context of cybersecurity threats. The findings indicate a concerning similarity between real malware and that generated by open-weight LLMs, with a median Jaccard index of 84.5%, highlighting the potential risks posed by generative AI in malicious contexts.
LLM-generated PowerShell malware exhibits an alarming 84.5% similarity to real-world threats, underscoring a new frontier in cybersecurity risks.
Generative AI has emerged as a significant cybersecurity threat, with several recent attack campaigns leveraging LLMs to generate code for malicious purposes via scripting languages such as PowerShell. Consequently, for cybersecurity analysts, it is imperative to investigate the offensive capabilities of AI code generators. In this paper, we propose an experimental framework to assess LLM-generated PowerShell malware, which comprises a novel sandbox approach for dynamic analysis of AI-generated malware. Furthermore, we present a novel, manually curated dataset of real-world PowerShell malware, annotated in natural language to assist the training and evaluation of LLMs. Finally, this study evaluates permissive, open-weight LLMs adapted to PowerShell malware generation. Our results reveal a high degree of similarity between real malware and LLM-generated ones in terms of triggered OS malicious events, with a median Jaccard index of 84.5% and 48.4% of instances achieving complete overlap.