2025-08-04 –, Florentine F
This talk explores the rise of AI-powered malware, focusing on Agentic AI and its potential for autonomous threats. We’ll introduce agentic malware, discussing its key features such as autonomy, self-learning, behavior adaptation, and real-time evasion. We’ll walk you through our proof-of-concept autonomous PowerShell agent, demonstrating how it dynamically generates and executes code in memory, resulting in metamorphic obfuscation. Using reasoning models like the Responses API and Sonar, the agent creates strategies to achieve its goals.
Finally, we’ll cover mitigation strategies, such as monitoring AI-related outbound traffic and increasing execution visibility. While agentic AI shows promise in automating pentesting, current malware implementations still offer only limited practical advantages over traditional methods.
Join us to gain insights into why Agentic AI isn’t the end of cybersecurity - yet.
This talk will showcase an agentic AI agent demo that I created. The first version was built using Perplexity's Sonar reasoning pro model, with an updated version leveraging OpenAI's Responses API.
I will walk through each step and feature in detail, analyzing its effectiveness, potential benefits for attackers, implementation challenges, and whether it makes detection harder for defenders.
Key topics will include: Metamorphic code rewriting with LLMs, autonomous reasoning-based strategy selection to achieve goals such as stealing sensitive files, exfiltration via LLMs, and EDR evasion techniques.
The goal of this talk is to demonstrate what is realistically possible while cutting through media hype and misconceptions about so-called "unlockable" agentic AI malware.
Candid Wuest is an experienced cybersecurity expert with over 25 years of passion in the field of security. He currently works as a Principal Security Advocate for xorlab a messaging security startup in Switzerland. Previously, he was the VP of Cyber Protection Research at Acronis, where he led the creation of the security department and the development of their EDR product. Before that, he spent more than sixteen years building Symantec's global security response team as the tech lead, analyzing malware and threats – from NetSky to Stuxnet. Wuest has published a book and various whitepapers and has been featured as a security expert in top-tier media outlets. He is a frequent speaker at security-related conferences, including RSAC and BlackHat, and organizer of AREA41. He learned coding and the English language on a Commodore 64. He holds a Master of Computer Science from ETH Zurich and has various patents and useless certifications.