
In the Wild Malware Prototype with Embedded Prompt Injection

The public discourse surrounding the capabilities and emerging role of AI is drowned in a sea of fervor and confusion. The few attempts to ground the discussion in concrete arguments and experimental methods paint a nuanced, contradictory picture. University of Washington researchers warn of “Stochastic Parrots” that output tokens mirroring the training set, without any underlying understanding; Anthropic finds that when writing a poem, Claude Haiku plans many tokens ahead. Apple researchers discover that if you ask an LLM to write down the lengthy solution to a 10-disk “Towers of Hanoi”, it falls apart and fails to complete the task; a GitHub staff software engineer retorts that you would react the same way, and that doesn’t mean you can’t reason. Microsoft researchers find that reliance on AI has an adverse impact on cognitive effort; a Matasano Security co-founder issues a rebuke of the skeptical movement, saying “their arguments are unserious [..] the cool kid haughtiness about ‘stochastic parrots’ and ‘vibe coding’ can’t survive much more contact with reality”. The back-and-forth doesn’t end, and doesn’t seem poised to end in the foreseeable future.

This storm has not spared the world of malware analysis. Binary analysis, and reverse engineering in particular, have a certain reputation as repetitive, soul-destroying work (even if those who’ve been there know that the 2% of the time where you are shouting “YES! So THAT’S what that struct is for!” makes the other 98% worth it). It is no surprise that the malware analysis community turned a skeptical yet hopeful eye to emerging GenAI technology: can this tech be a real game-changer for reverse engineering work?

A trend began taking form. First came projects such as aidapal, with its tailor-made UI and dedicated ad-hoc LLM; then came automated processors that could read decompiled code and (sometimes) give a full explanation of what a binary does in seconds. Then came setups where frontier models such as OpenAI o3 and Google Gemini 2.5 Pro interact agentically and seamlessly with a malware analysis in progress via MCP (Model Context Protocol) servers such as ida-pro-mcp, orchestrated by MCP clients with advanced capabilities, sometimes including the authority to run shell commands on the analyst's machine.

Read the complete article here.

This post is licensed under CC BY 4.0 by the author.