
Microsoft unveils Project Ire: AI that autonomously detects malware

Microsoft’s Project Ire uses AI to autonomously reverse engineer and classify software as malicious or benign.

Microsoft announced Project Ire, an autonomous artificial intelligence (AI) system that can autonomously reverse engineer and classify software.

Project Ire is an LLM-powered autonomous malware classification system that uses decompilers and other tools, reviews their output, and determines the nature of the software.

“Today, we are excited to introduce an autonomous AI agent that can analyze and classify software without assistance, a step forward in cybersecurity and malware detection.” reads the announcement. “The prototype, Project Ire, automates what is considered the gold standard in malware classification: fully reverse engineering a software file without any clues about its origin or purpose.”

Project Ire, developed by Microsoft’s research and security teams, uses AI and reverse-engineering tools to classify malware with 0.98 precision and 0.83 recall. Microsoft pointed out that the system is its first reverse engineer, human or machine, to author a conviction case for APT malware, which led to automatic blocking by Microsoft Defender. Built on earlier work such as GraphRAG and Microsoft Discovery, it combines AI with global malware telemetry for advanced threat detection.

The tech giant notes that Microsoft Defender scans over a billion devices monthly, but malware classification still relies heavily on expert review because threats are complex and ambiguous. Analysts face fatigue and burnout from the manual work, especially since many software behaviors don’t clearly signal whether they are malicious. Unlike other AI security tasks, malware classification lacks definitive validation, which makes automation difficult and underlines the need for scalable, intelligent solutions.

“Project Ire attempts to address these challenges by acting as an autonomous system that uses specialized tools to reverse engineer software. The system’s architecture allows for reasoning at multiple levels, from low-level binary analysis to control flow reconstruction and high-level interpretation of code behavior.” continues the announcement. “Its tool-use API enables the system to update its understanding of a file using a wide range of reverse engineering tools, including Microsoft memory analysis sandboxes based on Project Freta, custom and open-source tools, documentation search, and multiple decompilers.”

Project Ire starts by running automated triage tools to identify what a file is and how it works. It then reconstructs how the software executes using tools such as angr and Ghidra [1]. As it digs deeper, it uses AI to examine key parts of the software and builds a clear chain of evidence showing how it reached its decision, so that security experts can verify its work. Finally, it cross-checks its findings and writes a full report stating whether the software is benign or malicious.

The AI-based system was tested on a set of Windows drivers, including malicious ones from the Living off the Land Drivers database and safe ones from Windows Update, to evaluate its ability to classify malware accurately.

“This classifier performed well, correctly identifying 90% of all files and flagging only 2% of benign files as threats. It achieved a precision of 0.98 and a recall of 0.83. This low false-positive rate suggests clear potential for deployment in security operations, alongside expert reverse engineering reviews.” concludes the announcement. For each file it analyzes, Project Ire generates a report that includes an evidence section, summaries of all examined code functions, and other technical artifacts.
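The figures quoted above (precision 0.98, recall 0.83, 2% of benign files flagged, 90% of files correct) are the standard confusion-matrix metrics. The following Python is an added illustration, not Microsoft's code and not its test data: it scores a constructed driver evaluation whose counts were chosen so they reproduce those four figures, and then applies the Bayes relation to show what the same recall and 2% false-positive rate mean for precision when malware is rarer than it was in the test set. That second calculation is what a security operations team checks before trusting verdicts without the expert review the announcement recommends.

```python
"""Confusion-matrix metrics for a binary malware classifier.

Added example (not Microsoft's code). The evaluation set below is
CONSTRUCTED so that its counts reproduce the figures quoted in the
article: precision 0.98, recall 0.83, ~2% false-positive rate, ~90% accuracy.
"""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

MALICIOUS, BENIGN = "malicious", "benign"


@dataclass(frozen=True)
class Metrics:
    tp: int  # malicious files correctly flagged
    fp: int  # benign files wrongly flagged
    tn: int  # benign files correctly cleared
    fn: int  # malicious files missed

    @property
    def precision(self) -> float:
        return self.tp / (self.tp + self.fp) if (self.tp + self.fp) else 0.0

    @property
    def recall(self) -> float:
        return self.tp / (self.tp + self.fn) if (self.tp + self.fn) else 0.0

    @property
    def false_positive_rate(self) -> float:
        return self.fp / (self.fp + self.tn) if (self.fp + self.tn) else 0.0

    @property
    def accuracy(self) -> float:
        total = self.tp + self.fp + self.tn + self.fn
        return (self.tp + self.tn) / total if total else 0.0


def score(pairs: Iterable[Tuple[str, str]]) -> Metrics:
    """pairs: (ground_truth, verdict) per file; MALICIOUS is the positive class."""
    tp = fp = tn = fn = 0
    for truth, verdict in pairs:
        if truth == MALICIOUS:
            if verdict == MALICIOUS:
                tp += 1
            else:
                fn += 1
        else:
            if verdict == MALICIOUS:
                fp += 1
            else:
                tn += 1
    return Metrics(tp, fp, tn, fn)


def constructed_driver_eval() -> List[Tuple[str, str]]:
    """Constructed sample: 118 malicious drivers (98 caught, 20 missed) and
    100 benign drivers (2 wrongly flagged, 98 cleared). These counts are
    chosen to match the article's quoted metrics; they are hypothetical."""
    rows = [(MALICIOUS, MALICIOUS)] * 98 + [(MALICIOUS, BENIGN)] * 20
    rows += [(BENIGN, MALICIOUS)] * 2 + [(BENIGN, BENIGN)] * 98
    return rows


def expected_precision(recall: float, fpr: float, prevalence: float) -> float:
    """Precision the same classifier would show on a population in which a
    fraction `prevalence` of files is malicious (Bayes' rule on the rates).
    With recall and FPR fixed, a falling prevalence lets the 2% FPR dominate
    and precision drops even though the classifier itself is unchanged."""
    tp_mass = recall * prevalence
    fp_mass = fpr * (1.0 - prevalence)
    return tp_mass / (tp_mass + fp_mass) if (tp_mass + fp_mass) else 0.0


if __name__ == "__main__":
    m = score(constructed_driver_eval())
    print(f"precision={m.precision:.2f} recall={m.recall:.2f} "
          f"fpr={m.false_positive_rate:.2f} accuracy={m.accuracy:.2f}")
    for prev in (0.5, 0.1, 0.01):
        p = expected_precision(0.83, 0.02, prev)
        print(f"prevalence {prev:5.2f}: expected precision {p:.2f}")
```

Run as a script it prints the four quoted metrics for the constructed set, then the expected precision at 50%, 10% and 1% malware prevalence. The constructed set is roughly balanced, which is why precision and accuracy both look high; the prevalence sweep shows that at 1% prevalence the same classifier would produce more false alerts than true ones, so the announcement's pairing with expert review is the operationally relevant design choice.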


Pierluigi Paganini

(SecurityAffairs – hacking, Project Ire)