AI-Powered Malware Enables Adaptive Cyberattacks

The article explicitly details malware that uses AI large language models to enhance their malicious capabilities, such as evading detection and generating commands for execution. These AI systems are part of the malware's operational mechanism, leading directly to harm through cyberattacks and data theft. The involvement of AI in the malware's development and use, combined with the realized harm from these attacks, fits the definition of an AI Incident. Although some experts question the current threat level of certain malware strains, the article confirms actual operations and harm, justifying classification as an AI Incident rather than a hazard or complementary information.

The event explicitly involves AI systems (LLMs like Gemini) being used maliciously to generate and deploy malware that evades antivirus detection and steals data, which directly leads to harms such as data theft and potential system compromise. The malware is actively used in operations, not just a theoretical risk, and Google has identified multiple AI-enabled malware families causing harm. The involvement of AI in the malware's development and use is central to the incident. Although some malware is in early stages, others are actively stealing credentials and encrypting data, indicating realized harm. Thus, the event meets the criteria for an AI Incident rather than a hazard or complementary information.

The article explicitly mentions AI systems (large language models) integrated into malware strains (PromptFlux and PromptSteal) that are actively used in cyberattacks, including on Ukrainian entities. The malware uses AI to dynamically generate malicious scripts and evade detection, directly contributing to harmful cyber operations. This meets the definition of an AI Incident as the AI system's use has directly led to harm (cyberattacks causing disruption and data exfiltration). The involvement is in the use and development of AI systems for malicious purposes, with realized harm rather than just potential risk.

The article explicitly mentions AI systems (large language models) being used by threat actors to conduct malicious activities, including malware execution and phishing, which are forms of cyberattacks. Although no specific harm or incident is reported as having occurred, the use of AI in these ways plausibly leads to significant harms such as disruption of critical infrastructure or harm to property and communities. The report also discusses ongoing efforts to mitigate these risks, indicating awareness of the potential threat. Since the harm is potential and not yet realized or detailed as an incident, the classification as an AI Hazard is appropriate.

The article explicitly mentions AI systems (Gemini AI and LLMs) being used by malicious actors to create malware that can rewrite its own code to evade detection and to perform data mining on sensitive personal information. These activities have directly led to or are actively causing harm, including privacy violations and cyberattacks. The use of AI in live operations by known threat actors (APT28) confirms realized harm rather than just potential risk. Hence, the event meets the criteria for an AI Incident as the AI system's use has directly led to significant harm.

The article explicitly details AI systems (AI-driven malware) being used in active cyberattacks that cause harm to individuals and organizations by stealing data, evading antivirus detection, and facilitating criminal operations. This constitutes direct harm to property and potentially to communities through cybercrime. The AI system's use and malfunction (in the sense of malicious behavior) have directly led to these harms. Therefore, this qualifies as an AI Incident rather than a hazard or complementary information, as the harms are occurring and the AI's role is pivotal.

The article explicitly mentions the use of Google's Gemini AI system by state-sponsored threat actors to conduct and enhance malicious cyber operations, including malware creation, phishing, exploitation, and command-and-control activities. These activities constitute direct harm to individuals and organizations, fulfilling the criteria for an AI Incident. The involvement of AI in enabling these harms is clear and central to the event. The presence of experimental AI-driven malware further underscores the realized and evolving nature of harm. Hence, this event is classified as an AI Incident rather than a hazard or complementary information.

The article explicitly involves AI systems (large language models) used in malware development and deployment. While the malware is mostly experimental and not fully reliable or persistent, the AI's role in enabling adaptive, self-modifying, and stealthy malware indicates a credible risk of future harm, including data theft, ransomware attacks, and infrastructure disruption. No confirmed incidents of harm are reported yet, but the plausible future harm from these AI-driven cyber threats justifies classification as an AI Hazard rather than an AI Incident. The article does not focus on responses or updates to past incidents, so it is not Complementary Information, nor is it unrelated to AI harms.

The event explicitly involves AI systems (large language models) integrated into malware that dynamically alters behavior during execution, which is a clear use of AI in a harmful context. The malware has been used in real attacks (e.g., PROMPTSTEAL by APT28 against Ukrainian targets), indicating direct involvement of AI in causing harm through cyber intrusions. This fits the definition of an AI Incident because the AI system's use has directly led to harm (cyberattacks) and breaches of security, which can be considered harm to communities and property. The report also notes the growing use of AI tools in criminal activities, reinforcing the ongoing nature of the harm. Therefore, this event is best classified as an AI Incident.

The article explicitly mentions AI systems (Google's Gemini AI, Hugging Face's LLM) integrated into malware that dynamically adapts and evades detection, enabling cyberattacks and data theft. These attacks have been observed in the wild, including by a known threat actor linked to Russia, indicating actual harm has occurred. The AI's role is pivotal in enhancing malware capabilities, making the attacks stealthier and more adaptive. This meets the definition of an AI Incident as the AI system's use has directly led to harm (unauthorized access, data theft, disruption of security).

The event involves the use and development of AI systems (large language models) integrated into malware for self-modification and evasion, which is a clear AI system involvement. While the specific malware PROMPTFLUX is not yet operational and has not caused realized harm, the article outlines a credible and plausible future risk of AI-powered malware causing significant cyber harm. Therefore, this event qualifies as an AI Hazard because it plausibly could lead to AI Incidents involving harm to property, data, and possibly critical infrastructure. It is not an AI Incident yet since no direct harm has occurred, nor is it merely complementary information or unrelated news.

The article explicitly details how AI systems (LLMs like Gemini) are being used by threat actors to create adaptive malware, craft phishing campaigns, and develop hacking tools, which are actively causing harm through cyberattacks. This meets the definition of an AI Incident because the AI system's use has directly led to violations of security and privacy, which constitute harm to individuals, organizations, and communities. The harms are realized and ongoing, not merely potential. Hence, this is an AI Incident rather than a hazard or complementary information.

The article explicitly mentions AI systems (LLMs) being used in malware to facilitate cyberattacks, which are harmful activities causing violations of security and potentially human rights. The AI involvement is in the use and development of these malicious tools by criminals, including state-sponsored actors. The harm is realized as these tools are actively used in operations like data exfiltration and reconnaissance. Therefore, this event meets the criteria for an AI Incident due to direct harm caused by AI-enabled malicious cyber activities.

The event explicitly involves an AI system (AI-enabled malware using large language models to rewrite its own code) whose use could plausibly lead to significant harm, such as disruption of computer systems, data loss, or other cybersecurity damages. Although no actual harm has yet occurred since the malware is experimental and not deployed in the wild, the dynamic, autonomous behavior enabled by AI represents a credible future risk. The event is not merely general AI news or a product announcement, nor is it a response or update to a past incident. Hence, it fits the definition of an AI Hazard rather than an AI Incident or Complementary Information.

The article explicitly states that AI-powered malware is currently active in the wild, dynamically altering its behavior mid-attack to evade detection and steal data. This demonstrates direct use of AI systems in causing harm through cyberattacks, fulfilling the criteria for an AI Incident. The harms include breaches of data security, harm to enterprise operations, and potential violations of intellectual property and privacy rights. The AI system's involvement is in the use and malfunction (malicious use) of AI to perpetrate these harms. Hence, the event is classified as an AI Incident rather than a hazard or complementary information.

The article explicitly mentions AI systems (large language models) integrated into malware that dynamically generate malicious scripts and evade detection, which have been actively used by threat actors such as APT28. The use of AI in malware execution directly leads to harm through cyberattacks, data theft, and increased cybercrime capabilities. This meets the definition of an AI Incident because the AI system's use has directly led to harm to property and communities. The involvement is in the use and deployment of AI systems within malware causing realized harm, not just potential harm or general AI-related news.

The report explicitly details the use of AI systems by malicious actors to conduct cyberattacks that have already caused harm, such as crypto scams with deepfake images and AI-powered phishing. The AI systems are integral to the attack methods, enabling more sophisticated and harder-to-detect attacks. This constitutes an AI Incident because the AI system's use has directly led to harms including fraud, privacy violations, and security breaches. The report also discusses mitigation efforts, but the primary focus is on the realized harms caused by AI misuse in cyberattacks.

The article explicitly details malware families that incorporate AI systems (LLMs) in their active operations, such as PROMPTFLUX and PROMPTSTEAL, which use generative AI to mutate code and execute reconnaissance commands. These AI systems are directly involved in causing harm by enabling cyberattacks that compromise system security and data integrity. The harms include disruption of digital infrastructure and violation of security, fitting the definition of an AI Incident. The article also notes ongoing harm rather than just potential risk, distinguishing it from an AI Hazard or Complementary Information.

The report explicitly identifies AI systems (large language models) integrated into malware that dynamically generate malicious code and commands during execution, which directly leads to harm through data theft and evasion of cybersecurity measures. The involvement of AI in the malware's operation is central and causal to the harm described. The harms include violations of property rights and security breaches, fulfilling the criteria for an AI Incident. The event is not merely a potential risk or a general update but documents active AI-driven malicious activity causing harm.

The article explicitly mentions AI systems (large language models) being used by malware to generate and obfuscate malicious code dynamically, which is a clear AI system involvement. The use of such AI-enabled malware has directly led to cyberattacks that harm computer systems and data, which falls under harm to property and communities. The presence of active malware families using AI in the wild confirms realized harm, not just potential. Google's intervention to disable some assets does not negate the fact that harm has occurred. Hence, this event meets the criteria for an AI Incident.

The event explicitly involves an AI system (Google's Gemini LLM) integrated into malware to autonomously rewrite its code, which is a clear example of AI system use in a malicious context. Although the malware is experimental and has not yet caused realized harm, the description indicates a credible and plausible risk of future harm through adaptive cyberattacks, including evasion of antivirus detection and lateral spread. This fits the definition of an AI Hazard, as the development and use of this AI-powered malware could plausibly lead to an AI Incident involving harm to property, communities, or critical infrastructure. The event does not describe actual realized harm yet, so it is not an AI Incident. It is more than complementary information because it reports a new threat with potential for harm, not just updates or responses. Therefore, the correct classification is AI Hazard.

The article explicitly describes AI systems (large language models) integrated into malware that dynamically generate and adapt malicious code, indicating AI system involvement. Although no actual harm has yet been caused by these AI-powered malware strains, the researchers and security experts warn that this is an early indicator of a future threat where such malware could cause significant harm. Therefore, the event describes a plausible future harm scenario due to AI system use in malware, fitting the definition of an AI Hazard rather than an AI Incident, as no realized harm is reported yet.

The article explicitly mentions AI systems (generative models, AI-enabled malware) being used in active cybercrime operations, causing harm through automated, self-modifying malware attacks. This constitutes direct harm linked to AI system use, fulfilling the criteria for an AI Incident. The mention of Google's mitigation efforts is complementary but does not change the primary classification.

The article explicitly details AI systems developed and used maliciously to generate phishing emails and malware, which have directly caused a surge in cybercrime incidents, including phishing attacks that harm individuals and organizations. The involvement of AI in these attacks is central and pivotal, with documented increases in AI-driven phishing and malware campaigns causing realized harm. This meets the criteria for an AI Incident as the AI systems' use has directly led to harm to communities and property through cybercrime.

The article explicitly mentions AI systems (advanced language models like Gemini) being integrated into malware that dynamically adapts and evades antivirus detection, which is a direct use of AI leading to harm through cyberattacks and espionage. The harm is realized, not just potential, as these malware programs are actively used in malicious operations. The involvement of AI in the development and use of these malware programs meets the criteria for an AI Incident because it directly leads to harm to property and communities through cybersecurity breaches and espionage.

The article explicitly mentions AI systems (large language models like Gemini and Qwen2.5-Coder) being used in malware to generate malicious code dynamically, which is actively deployed by threat actors including a North Korean group conducting cryptocurrency theft. This constitutes direct harm to property (digital assets) and communities (phishing attacks). The AI system's use is central to the malware's operation and the resulting harm. Therefore, this qualifies as an AI Incident.

The article explicitly describes malware that integrates generative AI as an active component during execution, enabling it to autonomously modify its behavior to evade detection and perform malicious activities. This clearly involves an AI system in the use phase, where the AI's capabilities are exploited to cause harm such as data theft and system compromise. The harms fall under property damage and harm to communities through cybersecurity breaches. Since the harm is realized and directly linked to the AI-powered malware, this qualifies as an AI Incident rather than a hazard or complementary information.

The article explicitly mentions AI systems (LLMs) being used in malware that dynamically rewrites its code to evade detection and perform harmful actions like data exfiltration and ransomware attacks. These activities have already occurred and caused harm, fulfilling the criteria for an AI Incident. The AI system's use is integral to the malware's operation and harm, not merely a potential or future risk. The involvement of AI in real-world malicious operations with documented harm aligns with the definition of an AI Incident.

The article explicitly mentions AI systems (large language models like Gemini and Qwen) being used in malware that dynamically adapts and generates malicious code, which is actively employed in cyberattacks causing harm such as cryptocurrency theft and phishing. The involvement of AI in the development and use of these malware strains directly leads to realized harm, fulfilling the criteria for an AI Incident rather than a hazard or complementary information.

The article explicitly describes AI systems (large language models) being used in malware that dynamically generates malicious scripts, evades detection, and supports cyberattacks causing harm. The harms include unauthorized data exfiltration and intrusion, which qualify as harm to property and communities. The AI system's use is integral to the malware's operation, directly leading to these harms. Hence, this is an AI Incident rather than a hazard or complementary information.

The article explicitly describes AI systems (generative AI models and LLMs) integrated into malware that have been used in real cyberattacks causing harm. The malware's AI capabilities enable dynamic code generation and evasion, directly contributing to the incidents of data theft and unauthorized access. The harms include violations of rights and harm to property and communities. Since harm has already occurred and AI involvement is central, this is an AI Incident rather than a hazard or complementary information.

The article explicitly mentions AI systems (large language models Gemini and Claude) being used by state-backed hackers to develop malware, conduct phishing, and steal cryptocurrency, which are direct harms to property and organizations. The AI systems are integral to the malicious operations, enhancing the attackers' capabilities and leading to realized harm. The involvement is through the use of AI systems in active cyberattacks, fulfilling the criteria for an AI Incident. The article also notes mitigation efforts but does not describe this as a mere potential risk or future harm, confirming the classification as an AI Incident rather than a hazard or complementary information.

The article explicitly mentions the misuse of an AI system (Google's AI assistant Gemini) by state-sponsored cybercriminals to conduct cryptocurrency theft and malware attacks. These activities constitute harm to property and communities, fulfilling the criteria for an AI Incident. The AI system's involvement is in its use (misuse) to facilitate these harms, which are occurring as reported.

The article explicitly mentions that hackers are exploiting LLMs to enhance malware and phishing tactics, which directly threatens the security of digital assets and cryptocurrency holders. This constitutes harm to property and communities through cyberattacks facilitated by AI systems. The involvement of AI in the development and use of malware and phishing tools that have already caused or are causing harm qualifies this as an AI Incident. The article also discusses ongoing mitigation efforts, but the primary focus is on the realized harm caused by AI-enabled cyberattacks, not just potential future risks or responses.

The article explicitly mentions AI systems integrated into malware that have been observed in the wild and actively used by threat actors, causing real harm. The AI systems' use in generating malicious scripts, evading detection, and executing ransomware and data theft clearly constitutes AI system involvement in causing harm. This meets the definition of an AI Incident because the AI system's use has directly led to harms such as data breaches, ransomware attacks, and unauthorized system control. The article does not merely discuss potential future risks but documents actual AI-enabled malware operations causing harm.

The article explicitly mentions AI systems (chatbots like ChatGPT and Gemini) being used by malicious actors to carry out cyberattacks that are currently happening, causing harm such as ransomware attacks, credential theft, and espionage. This constitutes direct and indirect harm caused by AI system misuse, fitting the definition of an AI Incident. The harms include violations of security, harm to communities, and potentially harm to property and information rights. The article does not describe a potential or future risk but an ongoing reality, so it is not an AI Hazard. It is not merely complementary information or unrelated news, as the AI misuse is central and causing harm.

The involvement of AI systems (LLMs) in malware development and deployment is explicit, and the malware's enhanced capabilities lead directly to harm through crypto theft. This constitutes an AI Incident because the AI system's use has directly led to harm (theft of crypto assets) and disruption of digital property rights and security.

The article explicitly mentions AI systems (LLMs like Gemini and Qwen2.5-Coder) being used during runtime by malware to rewrite code and generate commands, which directly leads to ongoing cyberattacks and crypto theft. This constitutes direct harm caused by AI system use, fulfilling the criteria for an AI Incident. The involvement of AI in enabling these attacks and the realized harm to property and individuals confirms this classification.

The article explicitly mentions AI systems (LLMs Gemini and Qwen2.5-Coder) being used by malware to generate malicious code dynamically, which directly leads to theft of crypto wallets and sophisticated phishing attacks. This constitutes harm to property and communities, fulfilling the criteria for an AI Incident. The involvement of AI is central and pivotal to the malware's operation and the resulting harm. The event is not merely a potential risk or a governance update but documents ongoing malicious use of AI causing actual harm.

The article explicitly details how AI systems (large language models) are used by malware to generate evasive and adaptive code that leads to crypto wallet theft and phishing attacks. These activities cause direct harm to property and communities. The AI system's use is integral to the malware's effectiveness and the resulting harm, fulfilling the criteria for an AI Incident. The report also mentions concrete harm already occurring, not just potential harm, and describes mitigation efforts, but the primary event is the realized harm caused by AI-powered malware.

The event explicitly involves AI systems (large language models) integrated into malware that dynamically generates malicious code and phishing content, leading to direct harm through cryptocurrency theft and cyberattacks. This meets the definition of an AI Incident because the AI system's use in malware has directly led to harm to property (cryptocurrency theft) and communities (targeted phishing attacks). The detailed description of active malware campaigns and their impacts confirms realized harm rather than potential harm, ruling out AI Hazard or Complementary Information. Therefore, the classification is AI Incident.

The event involves an AI system explicitly: the malware uses a large language model (Gemini) to generate and rewrite its malicious code. The malware is currently in a development or testing phase and has not yet caused actual harm, so it does not meet the criteria for an AI Incident. However, the AI system's use in enabling the malware to evade detection and adapt autonomously plausibly could lead to significant harm in the future, such as data breaches or system compromises. This fits the definition of an AI Hazard, as the AI system's malfunction or misuse could plausibly lead to harm. The article also mentions mitigation efforts by Google, but these do not change the classification. Hence, the correct classification is AI Hazard.

The malware involves an AI system (generative AI model) used in its development and operation to autonomously adapt and evade detection. While no actual harm has been reported yet, the described capabilities plausibly could lead to AI incidents such as cyberattacks causing harm to property, infrastructure, or communities. Therefore, this event fits the definition of an AI Hazard, as it plausibly could lead to an AI Incident in the future but has not yet caused realized harm.

The article explicitly mentions AI systems (language models like Gemini and Qwen2.5-Coder) being used by hackers to improve malware and conduct cyberattacks. These attacks have already occurred and caused harm to companies and the broader ecosystem, fulfilling the criteria for an AI Incident. The AI system's use in malware development and phishing directly contributes to violations of property and security, which are recognized harms under the framework. Hence, this is not merely a potential hazard or complementary information but a realized AI Incident.

The event involves an AI system (the Gemini large language model) being used by malware to autonomously generate evasive code, which is a clear example of AI system involvement. While no actual harm has yet occurred at scale, the article highlights the credible potential for serious harm, including data breaches and disruption of security systems, if such malware becomes widespread. Therefore, this situation fits the definition of an AI Hazard, as it plausibly could lead to an AI Incident in the future. It is not an AI Incident yet because the harm is not realized, nor is it merely complementary information since the focus is on the emerging threat itself.

The malware explicitly uses AI to autonomously modify its code during attacks, which qualifies it as an AI system. While no actual harm has been reported yet, the AI system's capability to evade detection and adapt in real time plausibly leads to significant future harm, including disruption of critical digital infrastructure and potential breaches of security. The event focuses on the potential threat and ongoing development rather than realized harm, fitting the definition of an AI Hazard rather than an AI Incident. The article also discusses responses and defensive measures, but the primary focus is on the emerging threat posed by this AI-powered malware.

The article explicitly mentions an AI system (large language models, specifically Google's Gemini AI) being used by malware to rewrite its own code dynamically. While no actual infections or harm have been observed yet, the malware is in development/testing and represents a credible threat that could lead to harm in the future. The involvement of AI in enabling autonomous, adaptive malware that can evade detection is a clear AI system use with plausible future harm. Therefore, this event is best classified as an AI Hazard rather than an AI Incident, since harm has not yet materialized.

The report explicitly details how AI systems are being used maliciously to develop and execute malware that adapts in real-time, enabling more effective cyberattacks. This directly causes harm through data theft, disruption, and potential damage to digital infrastructure and users. The involvement of AI in these attacks is central and pivotal, fulfilling the criteria for an AI Incident. The harms are realized, not just potential, as live operations using AI-powered malware have been observed. Therefore, this event qualifies as an AI Incident rather than a hazard or complementary information.

The article details multiple instances where AI systems are actively used in malware to cause harm, including ransomware attacks and data exfiltration. The AI's role is pivotal in enabling the malware to mutate and evade detection, directly leading to realized harms. This fits the definition of an AI Incident, as the AI system's use has directly led to injury to property and disruption of systems. The presence of AI is explicit, the harms are occurring, and the event is not merely a potential risk or complementary information but a documented active threat.

The article explicitly mentions an AI system (PROMPTFLUX malware leveraging AI and Google's Gemini AI) that is capable of adaptive behavior to evade detection, which is a clear AI system involvement. The malware is still experimental with no reported infections, so no realized harm has occurred yet. However, the potential for this AI-powered malware to cause harm to cybersecurity, critical infrastructure, and property is credible and significant, fitting the definition of an AI Hazard. The article also discusses responses and mitigation efforts, but the main focus is on the plausible future harm posed by this AI system. Hence, the classification is AI Hazard.

The article explicitly describes AI systems integrated into malware that have been used in real-world attacks, including information theft and evasion of security measures. The harms include violations of rights and harm to communities through cyber intrusion. The AI's role is pivotal in enabling these harms by making malware more adaptive and stealthy. The involvement is through the use of AI in the malware's operation (use), and the harms are realized, not just potential. Hence, this is an AI Incident rather than a hazard or complementary information.

The event involves the use and testing of AI systems (LLMs) to generate malicious code, which could plausibly lead to AI-driven cyberattacks in the future. However, the experiments show that current AI outputs are unreliable and controlled by guardrails, preventing effective autonomous attacks today. Since no actual harm or incident has occurred, but there is a credible risk of future harm if AI capabilities advance, this qualifies as an AI Hazard. The article focuses on the potential for harm rather than reporting a realized AI Incident or a governance response, so it is not Complementary Information.

The article explicitly mentions AI systems (LLMs) being used in the development and execution of malware that has been observed in operations, leading to cyberattacks and data theft. This constitutes direct involvement of AI in causing harm to property and communities through malicious cyber activities. The harm is realized, not just potential, as the malware samples are active and used by threat actors. Hence, the event meets the criteria for an AI Incident rather than a hazard or complementary information.

MalTerminal explicitly uses an AI system (GPT-4) to generate malicious payloads dynamically, which is a clear example of AI system involvement. The malware's use constitutes the AI system's use leading directly to harm, specifically cyberattacks that disrupt security and potentially violate rights to secure access and data protection. The article discusses realized harm through the malware's active deployment and its impact on IAM systems, which are critical infrastructure components. Therefore, this event qualifies as an AI Incident due to the direct link between the AI system's use and realized harm in cybersecurity.

The event involves an AI system explicitly described as generative AI used within malware to dynamically generate and rewrite its code during execution. This AI involvement directly leads to harm by enabling malware to evade detection and potentially cause damage or disruption. The harm is realized as the malware is actively used by attackers, representing a direct link between AI use and cybersecurity threats. Hence, it meets the criteria for an AI Incident rather than a hazard or complementary information.

The event involves the use and potential misuse of AI systems (LLMs) in generating malicious code, which directly relates to cybersecurity harms. The article documents research showing that AI-generated malware code can be produced and could lead to harm by enabling cyberattacks that evade detection, thus posing a risk to property, systems, and communities. Although fully autonomous AI malware is not yet operational, the demonstrated capability and plausible future improvements constitute a credible AI Hazard. Since no actual successful autonomous malware attack causing harm is reported yet, and the article focuses on the emerging threat and research findings, this is best classified as an AI Hazard rather than an AI Incident. The article is not merely general AI news or a governance response, so it is not Complementary Information or Unrelated.