Claim: Advanced cyber intruders sometimes avoid deploying conspicuous malware, instead stealing login credentials and using legitimate accounts to masquerade as authorized users and remain dormant to maintain persistent access.
Date: October 12, 2025
Confidence: high
Type: temporal
Note: Describes a persistent access and operational tradecraft used in some intrusions.

Claim: Malware variants have been observed using large language models (LLMs) to change behavior mid-attack, enabling dynamic generation of malicious scripts, on-demand creation of malicious functions, and code obfuscation to evade detection.
Confidence: high
Type: technical
Note: Describes capabilities attributed to emerging AI-enabled malware that leverage LLMs during active intrusions.

Claim: Some malware can call out to LLMs (including proprietary models such as Gemini) to rewrite their own source code, disguise malicious activity, and attempt lateral movement across connected systems.
Confidence: high
Type: technical
Note: Refers to use of external AI models to modify malware behavior and aid persistence and propagation within networks.

Claim: Some AI-enabled malware is built around open-source models hosted on platforms such as Hugging Face and can accept interactive prompts from operators to navigate a system and exfiltrate data.
Confidence: high
Type: technical
Note: Highlights a model of malware that leverages open-source LLMs to provide prompt-driven, interactive control and data exfiltration.