BSidesLuxembourg 2026

Arad Donenfeld

Arad Donenfeld is an attacks and exploits developer at SafeBreach, and has a background in security research from several roles (including Deep Instinct, where this research was conducted). With his strong foundations in development, security, and operating system internals, Arad develops tools for offensive operations, detection methods, and workflow automation. Arad focuses on practical techniques to identify and manipulate vulnerabilities and breaches, while testing and improving defenses across broad environments.


Session

05-07
14:40
40min
The Agents of Chaos: AI Driven Malware Generation
Arad Donenfeld

With the use of AI agents gaining traction across the offensive security space, from phishing to fuzzing and penetration testing, it was inevitable that malware would follow suit. While most discussions focus on using AI to generate malicious payloads at the malware’s runtime, or "vibe coding" it, we went a step further: we built a system where AI is the sole participant in the malware creation process itself.
We will begin by talking about how we got to this point, what sparked the idea, and jump into comparing different models - showing which gave the best code, which was most evasive, which prompts worked the best, and what we used in the agent.
We will then dig into the generation process itself – we will show the challenges with earlier implementations and how we solved them, how to build the workflow to maximize the malware’s capability and randomization, and even how it managed to break signatures.
We will finish by showing how the resulting malware performs, comparing different samples, and showing how each sample defeated several static malware analyzers. We will also talk about what's next for this agent and for the domain of AI-generated malware.

AI Security Village
IFEN room 2, Workshops and AI Security Village (Building D)