Synopsis: Google’s Threat Intelligence Group has uncovered the first confirmed cases of AI-powered malware capable of rewriting its own code in real time during cyberattacks. The discovery marks a new era in cybersecurity threats, as malicious actors begin deploying autonomous, adaptive malware powered by artificial intelligence.
Google Discovers AI Malware That Rewrites Itself During Cyberattacks

In a groundbreaking cybersecurity revelation, Google’s Threat Intelligence Group (GTIG) announced the discovery of AI-driven malware that can dynamically rewrite its code while conducting live cyberattacks.

According to Google’s latest Threat Intelligence Report, multiple malware families — notably PROMPTFLUX and PROMPTSTEAL — have been identified using artificial intelligence to evade detection, adjust to defensive countermeasures, and enhance their persistence during operations.

A New Age of Adaptive Cyber Threats

Researchers describe these AI-enabled malware variants as a “significant step toward more autonomous and adaptive malware.” Unlike traditional malicious software, which follows static code paths, these new threats use AI models to self-modify and generate new variants in real time.

This capability allows them to bypass signature-based detection systems, alter their behavior mid-attack, and even learn from defensive responses — a phenomenon once limited to theoretical research.

“Threat actors are no longer leveraging AI just for productivity gains,” Google’s report states. “They are now deploying novel AI-enabled malware in active operations, including state-sponsored campaigns.”

The AI Malware Families: PROMPTFLUX and PROMPTSTEAL

  • PROMPTFLUX is believed to use language model–based code rewriting to disguise malicious payloads and rotate attack patterns automatically.
  • PROMPTSTEAL, on the other hand, focuses on data exfiltration and credential theft, using AI to modify its exfiltration pathways depending on network defenses.

Both malware families reportedly show signs of ongoing evolution, suggesting continuous refinement through AI training feedback loops.

State-Sponsored and Criminal Deployment

The report indicates that both state-backed cyber groups and organized cybercriminal networks have begun experimenting with or actively using these tools. This evolution reflects a dramatic shift from experimental AI threats to real-world deployment in espionage and ransomware operations.

Cybersecurity experts warn that these developments could lead to a new arms race in cyber warfare, with attackers and defenders both increasingly dependent on AI capabilities.

Google’s Response and Industry Implications

Google says it is working closely with global cybersecurity agencies and partners to update defensive AI systems and improve early detection models that can recognize AI-driven code mutations.

The company urges organizations to strengthen monitoring of anomalous code execution, adopt behavior-based threat detection, and ensure AI model integrity across all enterprise tools.

As artificial intelligence becomes a double-edged sword in cybersecurity, the discovery of self-rewriting malware underscores the urgent need for AI governance, ethical frameworks, and advanced threat intelligence collaboration worldwide.

 

 
