A good friend of mine works for a company called Outflank, where they basically develop “legal” malware for red teamers to use during sanctioned tests of organizations’ security. He does not have a standard ML background, but for work he recently created an RL environment for training LLMs to generate shellcode that bypasses EDR/antivirus, which they use to great success. He wrote a blog post about it here and gave a related talk at DEFCON this month.
Normies probably underestimate the significance of being able to bypass EDR very quickly and cheaply. This is a very critical security control in a large organization where you expect some proportion of your workforce to download malware at regular intervals. Training small models to do these kinds of tasks is possible on a shoestring budget well within the means of black hat organizations, and I expect them to start doing this sort of thing regularly within the next ~year or so.