Agentic AI Malware: Why the Cybersecurity Battle Isn’t Over

BSides Las Vegas 2025 · Day 1

**Candid Wüest** opens with a deliberately skeptical frame: headlines suggest **agentic AI malware** has ended the defensive game—**self-adapting** implants that bypass everything—yet **telemetry** and **sample volume** curves do not show the predicted explosion. The talk separates **AI-generated malware** (LLMs used as coding assistants) from **AI-powered malware** (models invoked at runtime), then walks through examples of **metamorphic** LLM-driven code mutation, **in-the-wild** command generation (**LameHug** / **APT28** attribution discussed with **Microsoft**/**OpenAI** commentary), and a personal research system named **Yutani Loop** that uses **PowerShell**, **low-temperature** sampling, **registry** prompt storage, and optional **multi-agent** orchestration via **named pipes**. The conclusion is measured: **AI accelerates** attacker **iteration** and **planning**, but **behavioral** defenses, **network observability** for LLM API traffic, and **EDR** maturity still bite—especially when implants get “creative” enough to touch half the **MITRE** matrix in a week.

AI review

A grounded debunking of agentic-malware hype with concrete threat taxonomy, real incident anchors, and a credible homemade multi-agent demo—exactly the sanity check this subfield needs.
