
Microsoft has introduced Project Ire, an initiative designed to automatically identify malware using artificial intelligence technologies.

On Tuesday, Microsoft announced the development of an autonomous artificial intelligence (AI) agent designed to analyse and classify software independently, aiming to enhance malware detection capabilities. This large language model (LLM)-powered system, currently in prototype form and codenamed Project Ire, automates the gold standard in malware classification by fully reverse engineering software files without prior knowledge of their origin or purpose. Microsoft stated that the system employs decompilers and various tools to assess the output and determine whether the software is malicious or benign. Project Ire seeks to facilitate large-scale malware classification, expedite threat response, and minimise the manual workload for analysts tasked with evaluating software samples.

The system utilises specialised tools for reverse engineering, conducting analyses at multiple levels, from low-level binary analysis to high-level code behaviour interpretation. Its tool-use API allows the system to enhance its understanding of files through a diverse array of reverse engineering tools, including Microsoft memory analysis sandboxes based on Project Freta, custom and open-source tools, and multiple decompilers. The evaluation process involves several steps, such as identifying file types, reconstructing control flow graphs, and validating findings against evidence. In tests, Project Ire demonstrated a 90% accuracy rate in flagging files and a mere 2% false positive rate for benign files. Based on these promising results, Microsoft plans to integrate the Project Ire prototype into its Defender organisation as a Binary Analyzer for improved threat detection and software classification. 
