
Microsoft Unveils AI-Powered Project Ire to Hunt Malware

Microsoft has unveiled an autonomous artificial intelligence (AI) agent designed to analyze and classify software independently, aiming to enhance malware detection. The prototype system, powered by a large language model (LLM), is called Project Ire. 

According to Microsoft, Project Ire automates the most advanced method of malware classification, which involves fully reverse engineering a software file without prior knowledge of its source or intent. It uses decompilers and other reverse engineering tools to analyze the file and determine if it is malicious or safe. 

The goal of Project Ire is to scale up malware classification, speed up threat detection, and reduce the manual workload for analysts. It conducts deep software analysis, including binary analysis, control flow reconstruction, and high-level behavioral interpretation. 

The system’s API allows it to use a variety of tools to improve its understanding of a file. These include memory analysis sandboxes built on Project Freta, open-source tools, decompilers, and documentation search engines. Project Freta is a Microsoft Research project that helps detect hidden malware in memory snapshots from live Linux systems. 

Project Ire’s analysis process involves several stages: 

  • Automated tools first identify the file type, structure, and important sections 
  • The control flow graph is reconstructed using frameworks like angr and Ghidra 
  • The LLM then uses tools via an API to detect and summarize key functions 
  • A validator tool confirms the findings against the evidence collected 
  • A detailed log is created to show how conclusions were made, enabling review and correction when needed 
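
The first stage in the list above (identifying file type, structure, and sections) can be sketched as follows. This is an added example, not Microsoft's or Project Ire's code: the sample image is constructed, the function names are hypothetical, and the writable-and-executable check is a common triage heuristic assumed here rather than something the article describes.

```python
import struct

SECTION_FMT = "<8sIIIIIIHHI"          # IMAGE_SECTION_HEADER, 40 bytes
MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000

def build_sample_pe():
    """Constructed header-only PE image used as sample input (not a real driver)."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64)   # e_lfanew at 0x3C -> 64
    # COFF header: AMD64, 2 sections, no optional header, IMAGE_FILE_EXECUTABLE_IMAGE
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 0, 0x0002)
    def sec(name, rva, rawptr, flags):
        return struct.pack(SECTION_FMT, name, 0x200, rva, 0x200, rawptr, 0, 0, 0, 0, flags)
    table = sec(b".text", 0x1000, 0x400, 0x60000020) + sec(b"INIT", 0x2000, 0x600, 0xE0000020)
    return dos + b"PE\x00\x00" + coff + table

def triage(data):
    """Identify the container type and list PE sections, tolerating truncation."""
    report = {"type": "unknown", "machine": None, "sections": [], "truncated": False}
    if data[:4] == b"\x7fELF":
        report["type"] = "ELF"
        return report
    if len(data) < 64 or data[:2] != b"MZ":
        return report
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\x00\x00":
        report["type"] = "MZ without PE header"
        return report
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    report.update(type="PE", machine=machine)
    table = pe_off + 24 + opt_size          # section table follows the optional header
    for i in range(nsec):
        off = table + i * 40
        if off + 40 > len(data):            # header claims more sections than the file holds
            report["truncated"] = True
            break
        name, vsize, rva, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(SECTION_FMT, data, off)
        report["sections"].append({
            "name": name.rstrip(b"\x00").decode("ascii", "replace"),
            "rva": rva, "raw_size": rawsize,
            "writable_and_executable": bool(flags & MEM_EXECUTE and flags & MEM_WRITE),
        })
    return report

if __name__ == "__main__":
    for s in triage(build_sample_pe())["sections"]:
        print(s)
```

A section table that runs past the end of the file is reported as truncated instead of raising, since malformed headers are themselves a signal worth passing to later stages.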

Testing of the prototype on publicly available Windows driver datasets showed that it successfully flagged 90 percent of files, misidentifying only 2 percent of safe files. In another test involving 4,000 challenging samples, it correctly classified 90 percent of malicious files, with a false positive rate of 4 percent. 

Due to these promising results, Microsoft plans to integrate the system into its Defender platform as Binary Analyzer for threat detection and file classification. 

Microsoft aims to improve both speed and accuracy so the system can handle unfamiliar files effectively, even on the first encounter. The ultimate goal is to identify new forms of malware directly in memory at scale. 

In related news, Microsoft awarded $17 million in bounty rewards to 344 security researchers across 59 countries in 2024. A total of 1,469 valid vulnerability reports were submitted from July 2024 to June 2025. The highest single payout reached $200,000. This surpasses the previous year’s total of $16.6 million paid to 343 researchers from 55 countries. 
