The new system has already demonstrated its capabilities by identifying an active hacking group and classifying threats with what Microsoft researchers call the “gold standard” in malware detection.

Project Ire leverages large language models (LLMs) combined with specialized cybersecurity tools to analyze software files, determine whether they are malicious, and trace their origins—even when the threats are previously unseen.

In controlled tests, Project Ire correctly identified 90% of malicious files while maintaining a low false-positive rate of just 2%. Notably, it flagged a kernel-level rootkit by recognizing suspicious behavior patterns such as process termination and external command-and-control links.

Researchers confirmed that Project Ire became the first AI system at Microsoft capable of building a solid enough case against an advanced persistent threat (APT) to justify automatic blocking in Windows Defender.

In larger trials involving 4,000 unclassified files, the tool achieved a precision score of 0.89—meaning roughly nine out of ten files it flagged as malware were in fact malicious. Although it detected only about 25% of all threats in that batch, researchers highlighted its ability to operate autonomously, with no prior exposure to the files, a feat other Microsoft tools could not match.

Developed jointly by Microsoft Research, Microsoft Defender Research, and Microsoft Discovery & Quantum, Project Ire represents a significant leap in automating malware classification—a task long considered too complex for AI.

Unlike earlier systems, Project Ire uses multi-level reasoning, integrates open-source frameworks like angr and Ghidra, and relies on APIs to gather evidence. It validates its conclusions against insights from human experts, producing a detailed report for analysts to review.

By combining automation with transparency, Project Ire could reshape the future of cybersecurity and reduce the burden on human malware analysts.

News Source: ITPro.com