Future-Proofing Cybersecurity: Why HYAS Built AI-Generated Malware

  • Artificial intelligence (AI) is the next theater of war in cybersecurity. The rise of generative AI and large language models (LLMs) is creating powerful new attack vectors that outstrip anything we’ve seen before.
  • To understand how attacks are evolving, HYAS is building proof-of-concepts that demonstrate how AI-powered polymorphic malware can choose its own targets and adapt its strategies to evade detection.
  • Understanding offense is the only way to build effective defense. HYAS Labs is creating a roadmap to ensure that the HYAS platform remains just as effective in the future as it is today.

In the battle against cyber threats, artificial intelligence is the next theater of war.

Highly organized, well-funded bad actors are eluding even the smartest professionals as tactics for extortion, theft and disruption become more advanced. We’re already seeing brand-new techniques that circumvent our best defenses.

The rise of generative AI and large language models only makes the challenge more complex. Though polymorphic malware — malicious code that adapts to avoid detection — has been around for years, generative AI is supercharging its ability to overcome our most sophisticated defenses.

We can’t wait around to see how AI-powered attacks in the wild work and then build our defenses after the fact. That’s why HYAS Labs, the research team at HYAS, is building malware to get ahead of the game.

To build the best defense, we need to understand the offense. Our team is creating proof-of-concepts (POCs) like BlackMamba and EyeSpy that demonstrate how bad actors can use generative AI to break into organizations. By showing us the future of adversarial activity, these POCs give us a path toward preventing it.

From Cat-and-Mouse to Quantum Leap

Cybersecurity is, historically, a game of cat-and-mouse. Attackers use one tactic and we build defenses against it; they switch to a new strategy and we update our defenses accordingly.

The HYAS adversary infrastructure platform was designed to preempt the cat-and-mouse game by giving organizations a head start against attackers. We gather intelligence from a wide range of sources to create a complete picture of adversary infrastructure. With insight into adversaries’ command-and-control (C2) structures, HYAS empowers organizations to disrupt attacks before they cause damage.

Our knowledge of adversary infrastructure powers the most effective protective DNS solution on the market. But to continue defending against attacks, we need to understand what these attacks are going to look like in the future.

Our unrivaled domain-based intelligence allows us to identify and disrupt C2 communication — but what telemetry do we need to detect malware that doesn’t communicate with C2? We have authoritative knowledge of attacker infrastructure, but what data should we gather to understand attacks that choose their own targets and attack strategies?

To answer these questions, we turned to our advanced cyber threat research team.

Defense in the Next Theater of War

The HYAS Labs team focuses on understanding the nature of tomorrow’s attacks and building the defenses to stop them. In the past, our cybersecurity experts have studied novel attack vectors, such as malvertising. Today, they’re focused on the game-changing, fast-moving threat of malware powered by generative AI.

Released in November 2022, ChatGPT heralded the opening of new capabilities in just about every sector. It didn’t take long for the security community to grasp the idea that technology that can generate code can also generate malicious code. HYAS Labs sprang into action to understand how attackers might use generative AI. We used their findings to evolve our platform accordingly.

Earlier this year, we released a POC that demonstrates the potential power of polymorphic AI. BlackMamba can operate without C2 communication. It uses a large language model to dynamically generate code and synthesize new variants to avoid detection algorithms. Tested against an industry-leading EDR, BlackMamba triggered zero alerts or detections.

In August, we released our second POC. EyeSpy uses AI and LLMs to choose its targets and attack strategy, then adapt and modify its code to align with changing attack objectives. We think of EyeSpy as a “cognitive threat agent.” It makes reasoned decisions about how to attack and how to evolve to avoid detection. And it’s capable of infiltrating every single EDR and XDR on the planet.

Neither POC is a complete solution. With cautionary tales like the leak of the NSA’s EternalBlue in mind, we built enough to understand the mechanics of the offense — but not enough for the code to be stolen and used against organizations or governments.

The Power of Future-Proofing Cybersecurity

These POCs give us the roadmap we need to build effective defenses against them. We now have insight into the telemetry and data required to detect and understand AI-powered attacks. We understand the next theater of war, and we are entering it with the munitions and material to win.

HYAS takes its name from a First Nations word meaning “great, auspicious or powerful.” This reflects the purpose of our company: understanding cyber attacks as thoroughly as possible so we have the most powerful defenses against them. Researching the future of adversary capabilities is how we remain powerful against increasingly adaptive attacks.


Don’t wait to protect your organization against cyber threats. Move forward with HYAS today.

Back to Blog