UNIT 42 researchers analyse two malware samples that incorporate AI to support remote decision making, rather than local execution. The first is a .NET information stealer that integrates GPT-3.5-Turbo via HTTP API and stores collected data such as system information and browser cookies before exfiltration to a C2 server, with four OpenAI API calls that are described as a nonsensical use of an LLM.
The second sample is a Golang dropper for Sliver that uses an OpenAI GPT-4 prompt to assess the target environment and decide whether to proceed with infection, returning a JSON response like { "execute": true/false, "confidence": ... } to guide whether the payload should be launched.
The article notes that both samples leverage AI for remote decision making and that there are challenges in deploying local models, while also pointing out that some AI integrations are poorly implemented and more theatre than practical capability. It also states that Unit 42 analysts are not aware of any examples in the wild of locally executed agentic attack flows.
Palo Alto Networks clients are advised that protection can be enhanced by products such as Advanced Threat Prevention, Advanced WildFire, Cortex XDR and XSIAM.