Microsoft has unveiled Project Ire, a prototype autonomous AI agent that can analyze any software file to determine if it’s malicious.

AI agent malware reverse engineering

Microsoft on Tuesday unveiled Project Ire, a prototype autonomous AI agent that can analyze software files in order to determine whether they hide malware.

According to Microsoft, Project Ire can autonomously reverse engineer and classify software without any prior context, automating and scaling what can be a complex process.

Project Ire was developed by teams at Microsoft Research, Microsoft Defender Research, and Microsoft Discovery & Quantum.

It uses decompilers and other tools to gather data that enables it to determine whether a file is benign or malicious, while also providing a traceable chain of evidence.

“The system’s architecture allows for reasoning at multiple levels, from low-level binary analysis to control flow reconstruction and high-level interpretation of code behavior,” Microsoft explained.

It added, “Its tool-use API enables the system to update its understanding of a file using a wide range of reverse engineering tools, including Microsoft memory analysis sandboxes based on Project Freta, custom and open-source tools, documentation search, and multiple decompilers.”

Project Ire’s goal is to reduce analyst error and fatigue, accelerate threat response, and strengthen defenses against evolving attacks, Microsoft said.

https://www.securityweek.com/microsofts-project-ire-autonomously-reverse-engineers-software-to-find-malware/

The National Institute of Standards and Technology released new guidance on building end-to-end zero-trust architectures (ZTA), providing security teams with practical, real-world examples of how to enhance their organization’s defenses.

The guidance (SP 1800-35) offers 19 example ZTAs built using commercial, off-the-shelf technologies to give organizations a starting point for implementing zero trust. Developed through a four-year project at the NIST National Cybersecurity Center of Excellence with 24 industry collaborators, SP 1800-35 addresses the reality that every ZTA implementation should be treated as a custom build because every organization’s network environment and needs are different.