HYAS Warns of AI-Driven Malware With “EyeSpy” POC

Polymorphic, Intelligent Fully Autonomous AI Malware Proof of Concept Lets Security Teams Train The Way They Need To Fight

HYAS Infosec has unleased  prototype of future AI-enabled threats with its EyeSpy proof-of-concept (PoC), a new class of polymorphic, fully autonomous malware that employes AI to make informed decisions and synthesize its capabilities as needed in order to launch highly effective cyberattacks while continuously morphing to avoid detection.

EyeSpy assesses its target environment, autonomously determines available attack vector, and continuously attempts attacks and updates its malware code until it achieves the attacker’s goals.

EyeSpy achieves its objectives by:

1. Selecting its intended victim independently or through a threat actor’s specification

2. Assessing the target environment, platform, applications and environmental footprint

3. Identifying optimal vectors to extract information

4. Writing malware on the fly – for example, if a target is on a specific video conference app, it will compose, test & validate the malware for that app

5. Executing the attack

6. Analyzing the QA result

7. Self-repair and continued attack iteration until it has achieved the attacker’s goals

“I have seen EyeSpy demoed,” said Charles Kolodgy of Security Mindsets. “The nightmare scenario where malware can autonomously respond to its environment is reality. With EyeSpy, HYAS is getting into the adversarial mindset on what’s coming in the future and is able to be more predictive on what we’ll be facing.”

HYAS CEO David Ratner said “What if threat actors used AI tools to create malware that could reason and act on its own, while continuously refining its code in response to its targeted environment and evading detection? We could assume threat actors were likely already doing this. To sustain and advance our adversarial detection, we had to move, and quickly.”

David Mitchell, HYAS CTO, said the goal in creating EyeSpy was enabling “cybersecurity professionals to train the way they’ll have to fight and to engineer security stack solutions that can defend against and mitigate even the worst emerging threats – before their destructive power can be brought to bear.”

“Analysts have speculated that smart malware is on the horizon. Well, the future is now,” Kolodgy said.

Ratner anticipates autonomous AI driven malware entities will play a role in tomorrow’s cyber warfare landscape – a future replete with adaptive entity with evolving strategies, making its class of malware an ever-present, dynamic threat that evades detection.

“This is the nightmare situation that we knew was coming, and now it’s here,” confirms Todd Graham, Managing Partner, M12. “There is no doubt this is the next threat landscape and the new theater of war. HYAS is developing the type of technology we will need to defend against the next generation of cyber-attacks and warfare, and it is essential that the industry as a whole prepare to combat this level of fully autonomous, AI-synthesized, polymorphic attack frameworks.”