The breakthrough system achieved a precision rate of 0.98 and a recall of 0.83 during testing on Windows drivers, marking a significant advancement in cybersecurity automation.
Project Ire represents the first AI system to author a conviction case strong enough for automatic malware blocking, successfully identifying advanced persistent threat (APT) samples that Microsoft Defender
Key Takeaways
1. Project Ire automatically analyzes and identifies malware using advanced decompilation tools.
2. Achieved 98% precision in testing with only 4% false positives on challenging real-world samples.
3. Deploying across Microsoft Defender's 1 billion device network to automate threat detection.
Project Ire operates through a sophisticated toolkit of reverse engineering instruments, including the angr framework, Ghidra decompiler, and Microsoft’s proprietary memory analysis sandboxes based on Project Freta.
The system constructs detailed control flow graphs to map software behavior, enabling comprehensive binary analysis without human intervention.
Through its tool-use API, Project Ire can invoke specialized functions to examine file structures, reconstruct execution paths, and identify malicious code patterns.
The AI agent employs iterative function analysis, systematically examining each component while building a “chain of evidence” for auditable decision-making.
This approach allows the system to handle complex samples like Trojan:Win64/Rootkit.EH!MTB (SHA256: 86047bb1969d1db455493955fd450d18c62a3f36294d0a6c3732c88dfbcc4f62), where it successfully identified kernel-level rootkit behaviors including process termination functions and HTTP command-and-control communications.
During evaluation against nearly 4,000 “hard-target” files that stumped automated systems, Project Ire achieved 0.89 precision with just a 4% false positive rate.
The system correctly classified samples like HackTool:Win64/KillAV!MTB (SHA256: b6cb163089f665c05d607a465f1b6272cdd5c949772ab9ce7227120cf61f971a), identifying functions that terminate antivirus processes by searching for specific executable names, including ‘avp.exe’ and ‘360Tray.exe’.
Project Ire’s validator tool cross-references findings against expert knowledge, ensuring accuracy in complex scenarios.
When analyzing anti-debugging mechanisms involving software interrupts (int 0x29 and int 0x3), the system appropriately flagged uncertain claims for human review, demonstrating sophisticated uncertainty handling.
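The paragraphs above describe a workflow rather than code: analyze each function, attach concrete evidence to every claim, run a validator over the claims, and route low-confidence findings (such as the software-interrupt anti-debugging guess) to a human instead of asserting them. The following Python is an added illustration of that shape; it is not Microsoft's or Project Ire's code and not taken from the article. The function records, API names, confidence values and thresholds are invented for the example; only the two antivirus process names and the interrupt numbers come from the text.

```python
from __future__ import annotations
from dataclasses import dataclass, asdict

# Constructed stand-in for decompiler output (one record per function).
# Function names, API lists and strings are invented for this example; only
# 'avp.exe', '360Tray.exe', int 0x29 and int 3 are mentioned in the article.
SAMPLE_FUNCTIONS = [
    {"name": "sub_401000",
     "calls": ["CreateToolhelp32Snapshot", "Process32First", "Process32Next",
               "lstrcmpiA", "OpenProcess", "TerminateProcess"],
     "strings": ["avp.exe", "360Tray.exe"], "instructions": []},
    {"name": "sub_402000",
     "calls": ["InternetOpenA", "InternetConnectA", "HttpSendRequestA"],
     "strings": ["/gate.php"], "instructions": []},
    {"name": "sub_403000", "calls": [], "strings": [],
     "instructions": ["int 0x29", "int 3"]},
    {"name": "sub_404000", "calls": ["GetModuleHandleA"],
     "strings": ["kernel32.dll"], "instructions": []},
]

AV_PROCESS_NAMES = {"avp.exe", "360tray.exe"}  # matched case-insensitively
KILL_APIS = {"TerminateProcess", "NtTerminateProcess", "ZwTerminateProcess"}
ENUM_APIS = {"CreateToolhelp32Snapshot", "Process32Next", "NtQuerySystemInformation"}
HTTP_APIS = {"HttpSendRequestA", "HttpSendRequestW", "WinHttpSendRequest"}
SOFTWARE_INTERRUPTS = {"int 0x29", "int 3", "int 0x3", "int 0x2d"}


@dataclass
class Claim:
    function: str        # where in the binary the behaviour was observed
    behaviour: str       # human-readable label for the behaviour
    evidence: list[str]  # concrete artefacts that support the claim
    confidence: float    # 0..1; low values are routed to a human reviewer


def analyze_function(fn: dict) -> list[Claim]:
    """Examine one function and emit zero or more evidence-backed claims."""
    claims: list[Claim] = []
    calls = set(fn["calls"])
    strings = {s.lower() for s in fn["strings"]}
    av_hits = sorted(strings & AV_PROCESS_NAMES)
    kill_hits = sorted(calls & KILL_APIS)
    enum_hits = sorted(calls & ENUM_APIS)
    if av_hits and kill_hits:
        # Enumerate processes, compare against security-product names, kill
        # them: the KillAV pattern, so this is strong evidence.
        claims.append(Claim(fn["name"], "terminates security products",
                            av_hits + kill_hits + enum_hits, 0.9))
    elif kill_hits and enum_hits:
        # Kills processes by name, but no known AV name is present: weaker.
        claims.append(Claim(fn["name"], "terminates processes by name",
                            kill_hits + enum_hits, 0.5))
    http_hits = sorted(calls & HTTP_APIS)
    if http_hits:
        # Plenty of legitimate software talks HTTP; on its own this is only
        # supporting evidence for command-and-control.
        claims.append(Claim(fn["name"], "HTTP network communication",
                            http_hits + sorted(fn["strings"]), 0.6))
    int_hits = sorted(i.lower() for i in fn["instructions"]
                      if i.lower() in SOFTWARE_INTERRUPTS)
    if int_hits:
        # int 3 is also an ordinary breakpoint and int 0x29 is used by
        # __fastfail, so keep this claim uncertain rather than asserting it.
        claims.append(Claim(fn["name"],
                            "possible anti-debugging via software interrupt",
                            int_hits, 0.4))
    return claims


def validate(claims: list[Claim], known_functions: set[str]) -> list[Claim]:
    """Validator pass: keep only claims that cite a real function, carry
    evidence, and have a sane confidence value."""
    return [c for c in claims
            if c.function in known_functions and c.evidence
            and 0.0 <= c.confidence <= 1.0]


def classify(functions: list[dict], block_at: float = 0.8,
             review_below: float = 0.5) -> dict:
    """Iterate over every function, validate the claims, and produce an
    auditable verdict plus the claims that need a human decision."""
    names = {fn["name"] for fn in functions}
    chain = validate([c for fn in functions for c in analyze_function(fn)], names)
    best = max((c.confidence for c in chain), default=0.0)
    if best >= block_at:
        verdict = "malicious"
    elif best >= review_below:
        verdict = "suspicious"
    else:
        verdict = "benign"
    return {"verdict": verdict,
            "chain_of_evidence": [asdict(c) for c in chain],
            "needs_human_review": [asdict(c) for c in chain
                                   if c.confidence < review_below]}


if __name__ == "__main__":
    import json
    print(json.dumps(classify(SAMPLE_FUNCTIONS), indent=2))
```

The point of the structure is that every entry in `chain_of_evidence` names the function and the artefacts behind it, so an analyst can audit why a verdict was reached, and the anti-debugging guess lands in `needs_human_review` rather than silently raising the verdict.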
The prototype will be deployed as Binary Analyzer within Microsoft’s Defender organization, addressing analyst burnout and standardizing threat classification across global operations.
Built on the same agentic foundation as GraphRAG and Microsoft Discovery, Project Ire leverages large language models with specialized security expertise.
Microsoft’s collaboration with Emotion Labs contributed crucial innovations in cyber autonomy, while the system incorporates multiple open-source tools, including decompilers and binary analysis frameworks.
The ultimate goal involves detecting novel malware directly in memory at a global scale, transforming how organizations defend against evolving cyber threats through autonomous AI-driven analysis.
The post Microsoft’s New AI Agent Project to Detect Malware with Reverse Engineering Tools appeared first on Cyber Security News.