AI-Powered Malware Creation Surges 67% as Cyberattackers Outpace Security Defenses

Cybercriminals are increasingly turning to artificial intelligence to build malware, leading to a 67% jump in AI-generated malicious code over the past year. Researchers tracking the trend say attackers are adopting these tools faster than security teams can update their defenses, leaving organizations scrambling to keep up.

The scale of the shift

The jump was identified in a broad analysis of malware samples submitted to threat-intelligence platforms. Analysts found that the share of malware created with the help of AI tools rose by more than two-thirds compared with the previous period. The numbers point to a fundamental change in how attacks are engineered: instead of hand-coded scripts, attackers now routinely use large language models and generative AI to write, obfuscate, and tweak malicious code on the fly.

One security researcher described the change as the "industrialization" of malware creation — automated, cheap, and difficult to block with signature-based detection. The same tools that help developers write legitimate software are being repurposed to generate polymorphic malware that changes its signature each time it runs.

Why attackers are gaining ground

The speed of adoption on the criminal side has caught many security vendors off guard. AI-generated malware can be produced in minutes, tested against antivirus engines, and modified until it evades detection. Traditional security frameworks — built around known indicators of compromise and manual threat hunting — are struggling to keep pace.

Researchers note that attacker sophistication is rising faster than the update cycles of most enterprise security products. Where a security framework might be updated once a month, an AI-powered attacker can generate thousands of unique malware variants in a single day. This asymmetry means that even well-defended networks face a growing blind spot: new, never-before-seen samples that arrive faster than signature databases can absorb them.

What security frameworks are up against

The problem is not just volume but adaptability. AI-generated malware often includes logic that detects whether it is running in a sandbox or a virtual machine — environments commonly used for security analysis — and halts execution if so. Attackers also use AI to tailor payloads to specific targets, scraping public data about employees, software stacks, and network architectures to craft infections that look like legitimate internal traffic.

Security teams are responding by shifting toward behavioral detection and machine-learning models that flag anomalous activity rather than relying on static blacklists. But those models themselves must be constantly retrained as attackers learn to mimic normal user behavior. Several incident-response firms reported that they now see AI-assisted attacks in more than half of their cases, up from a fraction two years ago.

Regulators have taken notice. Several national cybersecurity agencies have issued advisories warning that existing security frameworks — such as the NIST Cybersecurity Framework and ISO 27001 — may need to be updated to account for AI-driven threats. But those updates take years to draft and approve, while the attackers iterate weekly.

Unanswered questions and the road ahead

One open question is how long it will take for defensive AI tools to catch up to offensive ones. Some security vendors have begun embedding generative AI into their own products, using it to generate synthetic attack simulations and automatically suggest patches. But the same technology that powers those tools can also be used by attackers to find weaknesses in the defensive models themselves.

For now, the message from security professionals to clients is blunt: assume AI-generated malware is already in your network, and plan for it. The 67% figure is expected to rise again next year. The next round of framework updates from the National Institute of Standards and Technology is due for public comment in the fall, but whether those revisions will be enough to close the gap remains to be seen.