Google uncovers PROMPTFLUX, an AI-driven malware evolving in real time to evade detection

Researchers at Google have discovered PROMPTFLUX, a pioneering malware that dynamically rewrites its code using large language models, signalling a new era of autonomous cyber threats that challenge existing detection methods.

Researchers at Google’s Threat Intelligence Group (GTIG) have uncovered an experimental malware family, dubbed PROMPTFLUX, which represents a striking evolution in cyber threats by harnessing large language models (LLMs) to rewrite its own code dynamically in real-time. This innovation allows the malware to obfuscate its code continuously, avoiding traditional detection methods and marking a significant leap toward more autonomous and adaptive malicious software. PROMPTFLUX operates by interacting with Google’s Gemini AI model API, effectively learning how to modify itself on the fly to evade security defences, a technique that signifies a worrying escalation in malware sophistication.

This “just-in-time” code rewriting approach stands out because the malware does not rely on hard-coded malicious functions but instead generates harmful scripts as needed during execution. According to GTIG, the malware “dynamically generates malicious scripts, obfuscates its own code to evade detection, and leverages AI models to create malicious functions on demand.” Despite its advanced capabilities, PROMPTFLUX remains in a testing or development phase with some features incomplete and with mechanisms limiting API calls, and crucially, researchers have not yet observed it actively infecting devices or networks in the wild. Google has already taken action to disable the associated assets to prevent potential spread.

The implications of malware like PROMPTFLUX extend beyond its current developmental status, however. Google warns that it is “associated with financially motivated actors” and points to an expanding underground marketplace for illicit AI-powered tools, which could lower the entry barriers for cybercriminals who lack sophisticated technical expertise. Industry observers highlight similar emerging threats such as PROMPTSTEAL and the AI-driven ransomware PromptLock, which also employ local or cloud-hosted large language models to generate malicious payloads dynamically, further complicating detection and response efforts.

Beyond financial crime, state-sponsored actors from nations including North Korea, Iran, and China are reportedly experimenting with AI to enhance their cyber capabilities, underscoring the broad and strategic interest in AI as a force multiplier in cyber warfare. Amid these developments, companies like Microsoft are responding by developing their own AI-driven cybersecurity tools. For example, Microsoft’s Project Ire is an autonomous AI agent designed to reverse-engineer and detect malware, showing promising accuracy in early tests by leveraging LLMs combined with traditional cybersecurity techniques. Google itself has introduced an AI agent named Big Sleep, aimed at identifying vulnerabilities in software proactively.

The ongoing technological arms race between malicious and defensive use of AI underscores the dual-edged nature of generative intelligence. While AI-powered malware poses a serious threat, the technology also offers new avenues for improving threat detection and software security. GTIG has proposed a new conceptual framework to secure AI systems, highlighting the need for strengthened defensive strategies as the cybersecurity landscape rapidly evolves with the integration of AI capabilities.

This situation reflects a broader trend identified by cybersecurity experts: the advent of AI is dramatically transforming cyberattack methodologies. Traditional malware detection approaches face unprecedented challenges due to the dynamic and adaptive nature of AI-enabled threats, necessitating urgent advances in security practices and AI governance. As the battlefield increasingly features AI on both sides, the stakes for securing digital environments have never been higher.

📌 Reference Map:

• ^[1] (Futurism) – Paragraphs 1, 2, 3, 4, 6, 7, 8
• ^[2] (Cybersecurity-Help) – Paragraph 2
• ^[3] (Cybernews) – Paragraph 3
• ^[5] (Tom’s Hardware) – Paragraph 3
• ^[6] (TechRadar) – Paragraph 3
• ^[4] (ITPro) – Paragraph 6
• ^[7] (The Verge) – Paragraph 3

Source: Noah Wire Services