States could already produce AI malware that evades detection


AI-generated malware that avoids detection could already be available to nation states, according to the UK’s cybersecurity agency.

To produce such powerful software, threat actors need to train an AI model on “quality exploit data,” the National Cyber Security Centre (NCSC) said today. The resulting system would create new code that evades current security measures.

“There is a realistic possibility that highly capable states have repositories of malware that are large enough to effectively train an AI model for this purpose,” the NCSC warned.

As for what a “realistic possibility” actually means, the agency’s “probability yardstick” offers some clarity.

Graph showing the likelihood of a