Source: www.csoonline.com
Developed by Microsoft Research and the Defender teams, Project Ire uses advanced reasoning and reverse engineering tools to classify software threats without relying on prior signatures.
Microsoft has introduced Project Ire, an autonomous AI agent that analyzes and classifies software as either malicious or benign without any prior knowledge of the file's origin or purpose.
Developed in collaboration between Microsoft Research, Microsoft Defender Research, and Microsoft Discovery & Quantum, the system uses advanced language models and a suite of callable reverse engineering and binary analysis tools to drive investigation and adjudication.
Project Ire was tested on publicly available datasets of Windows drivers, where Microsoft reports a precision of 0.98 and a recall of 0.83. Microsoft also said Project Ire is the first reverse engineer at the company, human or AI, to build a case strong enough to justify automatically blocking a specific advanced persistent threat (APT) malware sample. The threat was later confirmed and blocked by Microsoft Defender.
How Project Ire works
Microsoft Defender scans more than one billion active devices every month, and the software it surfaces routinely requires manual review by experts, a workload that produces errors and alert fatigue. Project Ire's architecture therefore supports reasoning at several levels, from low-level binary analysis through control flow reconstruction to high-level interpretation of code behavior.
Project Ire starts by identifying the file type and structure, then reconstructs the software's control flow graph with tools such as angr and Ghidra. It calls those tools through an API to analyze key functions, building a detailed "chain of evidence" that records how it reached its verdict. A built-in validator cross-checks the findings against expert input before the system classifies the software as malicious or benign.
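The three-stage shape described above (identify the file type and structure, gather findings that each point at the bytes supporting them, then validate the verdict against that evidence before classifying) can be illustrated with a small stand-alone script. This is an added example, not Microsoft's code: Project Ire drives angr and Ghidra through a language model, whereas this toy uses only the Python standard library, a constructed PE header rather than a real driver, and two deliberately simple structural heuristics (a writable-and-executable section, and an entry point outside `.text`) standing in for real analysis. All function names and the `E1`, `E2` evidence identifiers are assumptions of the example.

```python
"""Toy binary adjudicator: identify a PE, gather evidence, validate the verdict."""
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def build_sample_pe(rwx_section=True, entry_rva=0x1000):
    """Constructed PE header bytes for this demo (headers only, not a loadable binary)."""
    # PE32+ optional header truncated after BaseOfCode; AddressOfEntryPoint sits at offset 16.
    opt = struct.pack("<HBBIIIII", 0x20B, 14, 0, 0x200, 0x200, 0, entry_rva, 0x1000)
    sections = [(b".text", 0x1000, 0x200, 0x60000020)]          # code | execute | read
    if rwx_section:
        sections.append((b".hack", 0x2000, 0x200, 0xE0000020))  # code | execute | read | write
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew at 0x3C -> 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, len(opt), 0x22)
    hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", n.ljust(8, b"\0"), sz, va, sz, 0x400, 0, 0, 0, 0, ch)
        for n, va, sz, ch in sections
    )
    return dos + b"PE\0\0" + coff + opt + hdrs


def parse_pe(data):
    """Step 1: identify the file type and recover its structure (headers and sections)."""
    if data[:2] != b"MZ":
        return {"file_type": "unknown", "sections": [], "entry": None}
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return {"file_type": "mz-dos", "sections": [], "entry": None}
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    entry = struct.unpack_from("<I", data, opt_off + 16)[0]
    sections = []
    for i in range(nsec):
        name, vsize, va, _, _, _, _, _, _, ch = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt_off + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va,
                         "size": vsize, "chars": ch})
    return {"file_type": "pe32+" if magic == 0x20B else "pe32",
            "machine": machine, "entry": entry, "sections": sections}


def collect_evidence(pe):
    """Step 2: each finding names the header field it rests on, so the verdict is traceable."""
    ev = []

    def add(claim, source):
        ev.append({"id": f"E{len(ev) + 1}", "claim": claim, "source": source})

    for s in pe["sections"]:
        if s["chars"] & IMAGE_SCN_MEM_EXECUTE and s["chars"] & IMAGE_SCN_MEM_WRITE:
            add(f"section {s['name']} is both writable and executable",
                f"{s['name']}.Characteristics=0x{s['chars']:08x}")
    if pe["entry"] is not None:
        home = [s for s in pe["sections"] if s["va"] <= pe["entry"] < s["va"] + s["size"]]
        if not home:
            add(f"entry point 0x{pe['entry']:x} maps to no section",
                "OptionalHeader.AddressOfEntryPoint")
        elif home[0]["name"] != ".text":
            add(f"entry point 0x{pe['entry']:x} is in {home[0]['name']}, not .text",
                "OptionalHeader.AddressOfEntryPoint")
    return ev


def validate_chain(claims, evidence):
    """Step 3: reject any claim that cites evidence the analysis never recorded."""
    known = {e["id"] for e in evidence}
    bad = []
    for c in claims:
        cites_exist = set(c["cites"]) <= known
        needs_support = c["verdict"] == "suspicious"
        if not cites_exist or (needs_support and not c["cites"]):
            bad.append(c)
    return bad


def adjudicate(data):
    """Run the pipeline; a verdict is only emitted if its evidence chain validates."""
    pe = parse_pe(data)
    evidence = collect_evidence(pe)
    verdict = "suspicious" if evidence else "no-structural-indicators"
    claims = [{"verdict": verdict, "cites": [e["id"] for e in evidence]}]
    unsupported = validate_chain(claims, evidence)
    return {"file_type": pe["file_type"],
            "verdict": verdict if not unsupported else "unvalidated",
            "evidence": evidence, "validated": not unsupported}


if __name__ == "__main__":
    for claim in adjudicate(build_sample_pe())["evidence"]:
        print(claim["id"], claim["claim"], "<-", claim["source"])
```

The point of `validate_chain` is the one Microsoft highlights: a verdict that cannot be tied back to recorded evidence is not allowed through, whatever the reasoning layer asserted. Replacing the two heuristics with calls to a real disassembler and growing the evidence records into a full chain is where the real work lives; the shape of the pipeline stays the same.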
“Project Ire, as an autonomous AI prototype, advances beyond existing tools that rely on reverse engineering software to detect threats. Unlike current TDIR tools on the market, which depend on known machine learning or AI models and signatures for identifying known threats and patterns, Project Ire appears to perform deep, independent analysis of a file’s behaviour,” said Charanpal Bhogal, senior director analyst at Gartner. He added, “This enables it to identify new or previously undetected malicious code by using AI agents to examine the attack surface and deliver a clear ‘chain of evidence’ for action. The agentic AI element shifts from human-supported to fully autonomous approaches, while still maintaining a human in the loop.”
“Unlike established tools such as CrowdStrike Falcon, SentinelOne, and Palo Alto Cortex XDR, which rely on pattern recognition, supervised learning, and human validation, Ire is designed to independently generate malware analyses and deliver interpretable threat classifications using a reasoning engine that mimics human cognitive processes. This could reduce alert fatigue and triage times,” said Manish Rawat, analyst at TechInsights.
Real-world testing
In real-world tests on about 4,000 "hard-target" files that automated tools had failed to classify, roughly nine in ten of the files Project Ire flagged as malicious were in fact malicious, with a false positive rate of 4%.
According to the analysts quoted below, this makes Project Ire suitable for organizations operating in high-risk, high-volume and time-sensitive environments where traditional human-driven threat triage cannot keep up.
Rawat added that ideal adopters include cloud-native enterprises, multinational corporations, and critical infrastructure sectors managing vast, complex attack surfaces. Even mid-sized firms with under-resourced Security Operations Centers (SOCs) can benefit, as Ire helps scale detection amid cybersecurity talent shortages.
According to Bhogal, large enterprises with mature software development programs, especially in defense, healthcare, financial services, government, and manufacturing, are also well-positioned to gain value from Ire.
Deployment challenges
Project Ire is currently a prototype. Microsoft plans to use it inside its Defender organization as a Binary Analyzer for threat detection and software classification.
But adopting Microsoft’s Project Ire in real-world SOCs would require significant technical and operational shifts. “Adopting Project Ire in enterprise SOCs would require integration with existing SIEM and SOAR systems, robust computing infrastructure for LLMs, analyst training to interpret AI outputs, redesigned escalation processes, and updated governance to ensure transparency, compliance, and risk control,” said Pareekh Jain, CEO at EIIRTrend & Pareekh Consulting.
Project Ire signals a growing industry move toward agentic AI, where autonomous systems will be capable of acting, adapting, and making decisions independently. But at the same time, over-reliance on autonomous systems can also pose notable risks such as overconfidence in AI decisions, model drift or adversarial exploitation, lack of explainability, and human skill decay from over-delegation, added Jain.
Original Post url: https://www.csoonline.com/article/4035728/project-ire-microsofts-autonomous-ai-agent-that-can-reverse-engineer-malware.html
Category & Tags: Malware, Security – Malware, Security