AI malware can now beat Microsoft Defender 8% of the time—and that’s a big problem
Generative AI has already rewritten the playbook for art, code, and content creation—and not always in good ways. Now it’s rewriting the rules of malware, too. At this year’s Black Hat conference in Las Vegas, security researcher Kyle Avery of Outflank is set to unveil an AI-powered tool that can bypass Microsoft Defender up to 8 percent of the time. On paper, that figure doesn’t sound earth-shattering—but zoom out, and the implications are huge.
Microsoft Defender is the default security layer on over a billion Windows 10 and 11 machines. A malware system with a consistent 8% success rate isn’t just a fluke; it’s a meaningful breach in the armor. If deployed at scale—across phishing emails, malicious downloads, or through plug-and-play toolkits—it could give attackers access to tens of millions of devices with little more than open-source software and some creative fine-tuning.
According to Dark Reading and Tom’s Hardware, Avery trained the model over three months with a budget of just $1,500. That’s pocket change in the world of cybercrime, making it more than plausible that other actors will follow the same playbook. If malware developers can simply plug malicious code into an AI engine that iterates for bypasses in real time, traditional antivirus tools—already reactive in nature—may struggle to keep up.
This kind of AI-powered threat also introduces new complications. Unlike older malware strains that relied on static code or known exploits, this new class of threats is dynamic and learning. Worse still, it’s automated. Attackers don’t have to be master programmers—they just need access to a toolkit built by someone who is.
While Avery’s disclosure at a legitimate security conference gives Microsoft a fighting chance to harden its defenses, the timing couldn’t be worse. The company has been laying off security and AI staff across various departments, and the responsibility of countering AI-powered malware will only grow more demanding.
It’s a preview of what the near future might look like: low-cost, scalable, AI-driven cyberattacks versus under-resourced, slower-moving defenders. And unless that balance shifts quickly, it’s going to be a long fight ahead.