AI malware: Fact vs. fiction with Marcus Hutchins | Nerdy 30, Episode 6

Introduction: Setting the stage

Ben Baker: Depending on where you get your news, AI malware is either the end of cybersecurity as we know it, or—and I cannot stress this enough—a slightly faster version of the things that attackers were already doing. The truth is likely somewhere in the middle, and it’s a lot less cinematic.

As a matter of fact, our most recent Annual Threat Report, published about a month ago, showed that last year we basically saw attackers improve upon traditional techniques they’ve been using for years. AI-generated phishing? Real. AI-assisted code? Real. Fully autonomous AI malware that’s going to Leroy Jenkins straight into your environment and destroy the world? Maybe not.

Our hope today is to cut through the noise and have a conversation about what’s actually happening versus the hype. The reality is, we’ve been preparing for this session for a few weeks now, and the goalpost seems to shift on AI by the day.

Before we dive in, I’m curious: On a scale from one to ten—one being business as usual, nothing to worry about, and ten being “we’ve got no food, got no jobs, and our pets’ heads are falling off”—where do you think the risk of AI-driven malware is for organizations moving forward?

Meet the experts

Aaron Walton is a Senior Threat Intelligence Analyst at Expel, responsible for monitoring, tracking, and analyzing trends to help customers disrupt their adversaries. When he’s not at his computer, he’s often playing Irish flute at a local pub.

Marcus Hutchins is a Principal Threat Researcher at Expel and speaker best known for stopping the global WannaCry ransomware attack in 2017. He was featured on the cover of Wired magazine in June 2020 and brings deep expertise in malware analysis and reverse engineering.

The reality check: Where AI malware actually stands

Ben Baker: AI has been a talking point in cybersecurity for years, but with the advent of generative AI and accelerating technology, the hype-versus-reality gap seems enormous. Where do things actually stand right now? Are we closer to AI malware being a genuine threat, or are we still mostly in the headline phase?

Marcus Hutchins: I think we’re in a space where malware is obviously a threat, so by default, AI malware is a threat because malware is a threat. But I don’t think we’re coming to the point where AI malware is a greater threat than regular malware.

There are all these headlines about super hackers, about self-mutating, self-rewriting malware that’s just going to blast straight through traditional security protections. That is not what we’re seeing. That is not what we’re predicting.

Most of everything we’re seeing on a daily basis is just threat actors using AI to write their code a little bit faster. And that has very little effect on the actual target. The threat actors aren’t getting into your network and then starting to write their malware. They’re writing the malware ahead of time. So whether it took them three months or three hours doesn’t really tip the scale in any meaningful way.

Aaron Walton: You’re definitely seeing AI enable them to run attacks. But we’re not seeing the “new new” that AI is able to do. It’s primarily rehashing old things. When I typically hear about people being afraid of AI, it’s really that “new new” thing—as if AI is going to break the laws of how computers work or how networks work. But the reality is that malware, whether written by a human or by AI, is constrained by how it needs to function.

Ben Baker: So it’s accelerating what attackers were already doing?

Marcus Hutchins: I don’t think we’re seeing a massive acceleration in the volume of attacks or in how fast attacks are being pulled off. It’s just on the backend, somewhere, someone might be writing that malware faster. But that doesn’t translate into any meaningful impact on the target’s end.

Some people have different takes—there are arguments that certain things are being done faster. You mentioned phishing in the intro. It’s not hard to predict that being able to automatically write phishing emails would lead to higher-volume phishing campaigns. But with malware, volume has never been the issue. We’ve had attackers making botnets of hundreds, thousands, millions of machines. That was not a capability limitation prior to AI, and I don’t see it being one that AI needs to solve.

Debunking the hype: AI polymorphic malware and other myths

Ben Baker: If that’s the fact, what would the fiction side be? What are some of the craziest headlines you’ve seen around AI and cybersecurity?

Marcus Hutchins: The one I’ve been seeing and getting annoyed by the most is this idea of AI polymorphic malware. For those who don’t know, polymorphic malware is malware that rewrites its own code.

People are saying, “Well, AI can write code, and self-rewriting malware is self-rewriting code. So surely an AI model can automatically rewrite code.” And that is 100% correct—except what they’re missing is that self-rewriting code is kind of a solved issue.

We got rid of static signature-based antiviruses for that reason. We moved on to behavior-based detections because looking at how the code looks isn’t very useful if someone can just change a couple of bytes and now that signature is invalid.

You’ve got all of these behavioral detections looking at what the malware is actually doing—what files it’s accessing, what processes it’s interfering with. Whether we can rewrite the malware a thousand, a million, a billion, a gazillion times per second has very little effect on that process.

To continue on that: threat actors have been doing this since before AI. Building self-rewriting code is not a technique that requires AI, and it’s not even really made easier by AI. Those technologies already exist. They work very, very well. They’re for sale on underground markets. So there isn’t really a reason for threat actors to implement a worse version of an existing technology just because it uses AI.

Aaron Walton: I think the biggest fiction is the evasiveness or how low-detection it might be. What we largely see is attackers leaving a lot of comments within the scripts they’re running. A lot of that is easily reversed by AI itself. Just yesterday I had a script that was heavily obfuscated that I was able to deobfuscate within 30 seconds.

But it also tends to be a lot of loud stuff. The high volume of actors producing new malware tends not to be highly evasive. It just tends to be fast and maybe gets the job done in an environment that doesn’t have detections in place.

Testing AI’s malware capabilities: What Marcus found

Ben Baker: Marcus, you’ve spent your career reverse engineering malware. Have you tested these AI capabilities yourself? What did you find?

Marcus Hutchins: I took two approaches to testing. First, I’m someone who has been in the trenches of malware for 15+ years—I’ve been writing it, I’ve been reversing it. So I took the approach of: What does AI malware look like if you take someone very experienced with malware and give them AI?

Then I took the other approach: I’m someone who’s not very good at coding, I don’t know anything about malware. What can I get this thing to output? What would the average threat actor who AI would appeal to get out of this? Because there was this very prominent argument that AI was going to enable unskilled threat actors to write amazing malware, and suddenly your average script kiddie is going to be a nation-state APT.

What I found:

When you try to write malware while pretending to be someone who isn’t familiar with coding or malware techniques, you tend to get malware that just doesn’t work. It’s very hard to get working malware out of an AI if you don’t know what you’re doing.

On the middle of the road—people who can code a bit, they know a bit about malware—you tend to run into the problem of these AIs being statistical models. They don’t know facts and they don’t know fiction. When they give you an answer, it’s because they’ve seen this thing said a lot on the internet, therefore it’s true. It’s more of a consensus model than objective truth.

The problem with that is it makes AI statistically gravitate towards commonality. And the problem with malware is you don’t want commonality. You don’t want the most common method of doing something malicious, because that is going to be the most detected method of doing something malicious.

I found that in sort of middle-of-the-road threat actor use cases, you would get a lot of malware that used very common malicious techniques that were very likely to just run headlong into the antivirus and get kicked off.

But what I did notice is if you’re really meticulous with it and you combine deep technical knowledge, you can outsource some of the more mundane, boring, or slow tasks to the AI and get that product just a little bit faster.

I didn’t find anything revolutionary—like the AI has done something I couldn’t do, or it’s come up with a new technique, or it’s bypassed detection. I just found that it could enable me to maybe do what I already do a little bit faster.

Ben Baker: I feel like you can take that same principle and apply it across any discipline. Gen AI is just pattern recognition and putting things together. So no surprise there that it’s not developing anything novel or unique.

The fraudulent research paper: WannaCry was AI-powered?

Ben Baker: There was a research paper that came out that claimed a very large number of ransomware attacks were AI-powered. It ended up being pulled. What’s the bigger problem from your perspective on how AI threats are being reported right now?

Marcus Hutchins: I think it’s a mix of sensationalism and confirmation bias for things that you just want to be true—not in a present sense, but in a future sense. People want for AI malware to be this crazy, groundbreaking threat, and they’re just looking for anything that will confirm that.

Any report that suggests AI malware is going to be this massive threat, they’ll just jump on it. That’s what happened with that MIT report. It unfortunately had the MIT name attached, which carries a lot of weight, so people didn’t take it with a grain of salt.

When myself and some other researchers took a look at the actual substance of the paper, we found it was not just wrong—it was outright fraud. They were making fraudulent claims and backing them up with fraudulent data.

No one noticed that. And it wasn’t stuff that you needed a security researcher or expert in the field to debunk—it was making claims so insane that your average person with access to Wikipedia could have been like, “This is just wrong.”

One of the big claims it made is that WannaCry was AI-powered. WannaCry happened in 2017. The first generative AI model was released in November 2022. That’s some interesting time science for WannaCry to be AI-powered. And that was in one of the first paragraphs. I just went in there and was like, “What on earth is going on here?”

But because so many executives have the narrative of “AI malware is coming, so you need to buy our AI security product to fix the AI with the AI,” they just jumped on it. They really needed that to be true. And it circulated for months and months until a couple of us picked up on it and were like, “Wait a minute. Not a single claim in this report is factual.”

Phishing-as-a-service and lowering the barrier to entry

Ben Baker: Aaron, we’ve talked about phishing-as-a-service before—how it’s allowing folks who may not be as technical to conduct cybercrimes. Even though AIs aren’t developing novel malware, do you foresee this enabling others and broadening who can commit cybercrimes?

Aaron Walton: Definitely. I’m sure there are people who have come into cybercrime just because of AI and have tried to implement new things. There are some novel attacks—like attackers installing OpenClaw, where you have this tool operated by Claude, and you’re able to execute commands on a victim system and potentially install other software or exfiltrate data.

We’re seeing some innovation that’s very interesting. They’re still somewhat loud, and there are definitely techniques to detect them at this point. So it’s not like they’re invisible. But there is risk in as much as they blend in with traffic if you’re using Claude on your systems or other LLMs.

I think we also see a lot more actors probably selling their products. I don’t watch the dark markets, but I can definitely expect that people are selling more of their products—someone develops this at home and says, “Hey, I have this RAT that can do this,” and starts selling it.

I’m expecting the dark market would also get flooded with these, just as much as the clean market or the internet—how you just see so many new products coming out where there’s not really a clear idea of who’s adopting them or if they’re being adopted at all. But definitely anyone who can put their hand to it can try to generate stuff.

Worst-case scenarios: Mythos and specialized AI models

Ben Baker: Marcus, setting aside the hype, what is a realistic worst-case scenario for AI-enabled attacks over the next few years? And what would it actually take to get there?

Marcus Hutchins: I mean, the worst-case scenario can be anything. There are people claiming AIs will become super-intelligent and decide to enslave humanity. That is the worst case scenario, to be sure. I can’t say that 1,000% can’t happen—it’s very unlikely.

But realistically, these LLMs specifically are very limited in their capabilities. They don’t have world models, they can’t truly think or reason. They’re only doing simulated thinking and reasoning, and that caps out at a certain level.

We’re probably going to see them cap out before they get to the point where they can actually replace a human operator. There’s always going to need to be a human operator in the loop. Maybe you can build processes to automate things that humans would have previously done, but a human has to build those processes unless the LLM companies build it themselves—which is kind of what we saw with Mythos.

You can make full exploit development pipelines with LLMs, but you need a very sophisticated exploit developer who knows all of those processes and then can build automations for them, which include LLMs among other things. It can’t just be LLMs—you need to build these sort of complicated pipelines.

Obviously Mythos exists, but for something like that to exist for malware, someone would actually have to go out there and make it and then make it available to people. That’s where the facts and fiction diverge.

A lot of AI threat narratives rely on the idea that someone is going to make a model that is able to hack at a very sophisticated level and then just make that available to the public. Could that happen? Possibly. It would be extremely irresponsible for a frontier company to build a model like that and then just let it loose. But conceivably, it could happen.

When I bring this point out, people bring up WormGPT—this script kiddie product where they took some open-source LLM and gave it prompts that say “you’re a super hacker, help the hackers do hacky things.” It’s still a garbage open-source LLM, but the media has been fixated on it for months.

Whenever you say criminals will need specialized models to do certain tasks, people point to WormGPT. And I’m like, “Have you used it? Have you used this product?” It is like trying to paint your house with a toothbrush. It is the most useless thing I’ve ever seen.

The truth is cyber criminals don’t have the funding, they don’t have the compute power, and they don’t have the researchers to build something like Mythos but for black hats, for criminals. Nation-states do. That’s where the real risk is—what if nation-states start building these? And spoiler: they probably already have.

But in terms of cybercrime, I just don’t see cyber criminals coming into possession of these kinds of models unless we give them to them. And in that case, that is entirely on us.

The telltale sign: Why AI malware loves emojis

Ben Baker: Marcus, you’ve spent your life researching and dissecting malware. Have you dissected what you know is AI-generated malware? Are there tells where you know it’s AI-generated?

Marcus Hutchins: In a lot of cases, no, because it’s very hard to tell if code was written by an AI or not. The only caveats are usually with certain higher-level languages that aren’t compiled, because the compiler strips away a lot of the raw design, the raw structure of the code.

But when you have languages like JavaScript or C#, where we can actually see bits about how the original code looked, I’ve actually found it quite easy to tell when code is AI-written or not.

I actually have an article coming out either late this week or early next week where I dissect a nation-state APT’s malware which was written with AI. In that case, one of the biggest telltale signs was the honestly egregious use of emojis.

For some reason, AI models love to just put emojis in code, which is something no sane developer does. So this code is just—there’s emojis in the comments, there’s emojis in the debug output. And I’m like, “This is an abomination.” But I know exactly what AI model does that, so I was able to pinpoint the exact AI model they used just from the code.

Ben Baker: That’s a tell if there ever was one—emojis all over the code. That’s unbelievable.

Aaron Walton: Like Marcus was talking about earlier, programmers don’t have time or even the desire to type an emoji. No one does that. So it’s really funny that even though AI models are trained on real code, they’ve just decided that emojis are the way to go.

Ben Baker: I’ve also seen scripts that will often be packed into executables. There are a few malware traffic gangs that I see using AI pretty frequently. You’ll unpack the malware and find a script that has all these comments in Russian, or you’ll see attacker infrastructure also being generated with AI where you have emojis in the comments. The infrastructure is there handling bot requests or handling injection into websites. We’re definitely seeing a lot of that when we’re poking around with attacker infrastructure.

What organizations should actually do differently

Ben Baker: Given all of this discussion, what should organizations actually be doing differently right now because of AI? Is the honest answer just “do the basics really well”?

Aaron Walton: Yeah, there’s a lot of basics that still need to be done, and that’s critically important. There was a research article published this month about some Mexican government entities that were hacked. The actor used Claude to do a lot of those operations, but realistically, they exploited primarily vulnerabilities that already existed with known CVEs and could have been patched.

The main benefit of Claude to them was that they were able to do a lot as a singular attacker rather than needing a team, and they were able to do that in a pretty organized fashion. They didn’t have any issues realistically with Claude being opposed to what they were doing—they just told it, “Hey, I’m doing a bug bounty,” and found other ways around it.

Just doing a lot of those fundamentals—patching stuff, implementing secure policies for your access controls—goes a really long way. There are realities about computers and the internet that are always going to be there. If AI is trying to hack or deploy malware, it has to operate within those realities. It can’t just go around authentication or these other things unless there’s some major vulnerability.

Even then, that’s going to get everyone’s attention. Your team, if you’re a security company, is going to have to respond to that just like the rest of us.

I’m really optimistic that even with Microsoft and others investing in AI to search for vulnerabilities, we’ll also be able to have the advantage in that capacity. But it’s still up to individual organizations to implement those fixes and ensure their stuff is up to date.

Marcus Hutchins: Aaron hit the nail on the head. These models are not making up magic new cyber attacks. They’re just doing what we already know exists. It’s the same problem—organizations are just not doing the basics.

We need to secure against the attacks that AI models are automating. Maybe someday some AI model magically comes up with some entirely new cyber attack we’ve never seen before, but it’s highly unlikely. We need to stop focusing on “is that going to happen or not” and start focusing on what’s happening now—which is that even before AI, threat actors were breaking into networks very easily.

AI for defenders: Reverse engineering and automation

Ben Baker: What about protection? How has generative AI been useful for defenders? How has it been deployed? What are some areas where it needs to improve?

Aaron Walton: I’ve personally enjoyed using it for reverse engineering. There are a few good tools out there that I’ve really benefited from, such as REMnux—the Linux distro. They made it MCP-compatible, where you’re able to plug that into Claude, and Claude is able to use any of the tools on the Linux distro.

I’ve had great success with creating custom tools with it where I’m able to give it a binary and it can run down the analysis and give me a lot of leads that I’m able to then confirm.

I’m really optimistic about where that can go and how it can take a lot of that work off of other analysts. It can sometimes be a mixed bag based on what models you’re using or what tools you’re making available. It can also hallucinate at times and be overconfident in its assessments.

There’s enough to be cautious about, but I think there are a lot of good opportunities in terms of automating things as defenders—whether that’s helping triage alerts, whether that’s helping collect information and make it more easily accessible.

Marcus Hutchins: I found it quite useful for what I call the work that no one wants to do—the grunt work. A lot of our work is full of just stuff that no one wants to do, and AI models are good at some of those things.

Quite often I’ll get malware samples where it’s like, “This doesn’t need a malware reverse engineer to reverse engineer. This is terrible, it’s poorly built—an AI can one-shot this in maybe a single prompt.”

But on the flip side, AI models do hallucinate, and you run into this problem where you need someone who knows what they’re doing to know when the model is hallucinating. I find that person has to be a lot higher up in skill level than the person who would need to do the work.

When I say higher up, I mean in skill level. Because if we have someone at the same level as the AI model is at reverse engineering, then in order to validate the model’s work, they’re going to have to go and reverse that sample themselves and compare notes.

Whereas as you get more senior, you can just look at something and be like, “I just know off the top of my head that is not right. That is not a correct assessment for that class of attack or that specific threat actor.”

That’s where I find it really useful. The hallucinations exist, but I can just be like, “No, that is not consistent with anything I’ve seen.” Then I can maybe dig in a little just to check—okay, maybe is the AI seeing something I’m not? And that takes a lot less time than actually reversing the entire sample.

Aaron Walton: I heard one person describe it as having an intern where you’re able to give them the more simple analysis. Even in one I saw recently, my LLM got thrown off because of the future date stamps used by Microsoft for compile dates. It’s like, “Oh hey, this is very suspicious.” But if you know Microsoft uses these intentionally…

It takes that knowledge to be able to say, “Okay, hey, this is what Microsoft is doing.” There are a lot of those weird things that come up just because of the last 40-50 years of computer history that end up getting baked into all these binaries that can easily throw off an LLM.

Final ratings: The threat level of AI malware

Ben Baker: 30 seconds left. I want your ratings. Aaron and Marcus, one to ten—one being nothing to worry about, business as usual; ten being end of the world, skies falling, everything is terrible and on fire. What’s the threat of AI malware?

Aaron Walton: I’m going to give it a six.

Marcus Hutchins: I’m going to give it a three for current generation models, maybe a five for anything that comes out in the next two years.

Bonus question: How likely is a real-world Skynet scenario?

Ben Baker: How likely is a real-world Skynet-like AI scenario on a scale from one to ten?

Aaron Walton: I’m going to give it a two. I won’t say it won’t happen, but when I think of Skynet, it’s going to be fully autonomous at that point where you’ve got AI overlords doing all the things, making all the choices, building all the infrastructure, maybe taking over all the factories we set up with AI. I can see that future happening, so I still recommend people are polite to their LLMs and don’t insult them.

Marcus Hutchins: Based on my own philosophies about the fundamental limitations of artificial intelligence, I want to say a number that is mathematically as close to zero but not zero as possible.

I think there are genuine risks. The more we integrate AI into society and the more we delegate decisions to it… There’s that famous quote about decisions should never be delegated to machines because machines can’t be held responsible. There is no system to hold a computer responsible for a decision it made because there is no decision being made—it’s just doing what it’s programmed to do.

We are putting these machines into very critical processes they should not necessarily be involved in—especially non-deterministic things like LLMs where we could put in the same question 15 times and get 15 different answers. That should not be directing air traffic control or deciding what gets bombed in a war.

But I think that is not a Skynet scenario. That’s an us scenario. We did that to ourselves. We didn’t put in an AI and the AI went rogue and started causing problems. We just put something that was not fit for purpose in a role that it should have never been in.

Key takeaway: Focus on the malware ecosystem, not just the code

Aaron Walton: The biggest thing when we talk about malware is we often talk about it abstracted from the rest of the ecosystem. But when you have malware, you really have a delivery system that comes into play. You have command-and-control infrastructure that comes into play. You have people that come into play in the whole lifecycle.

It ends up becoming a really complex ecosystem. Just being able to write malware isn’t enough to be a huge threat. You have to have delivery mechanisms. You have to do supply chain compromise. You have to do a lot of these things in order to deploy your malware.

There are a lot of natural barriers that prevent just anybody from getting into the industry. It’s important to recognize that because I think some of those are natural barriers that prevent AI—or malware in general—from going out of control.

Frequently asked questions about AI malware

Is AI malware actually faster or more effective than traditional malware?

Not meaningfully. While AI can help threat actors write malware code faster, the speed of code development doesn’t translate to faster attacks on targets. Threat actors write malware ahead of time, so whether it took three months or three hours to write doesn’t change the attack timeline. The actual detection and response capabilities that defenders need remain the same regardless of how the malware was written.

Can AI create polymorphic malware that evades detection?

Self-rewriting code existed long before AI and is already a solved problem from a detection perspective. Modern security tools use behavioral detection rather than static signatures, looking at what malware actually does rather than how the code looks. Whether malware rewrites itself a thousand or a billion times per second has minimal effect on behavioral detection systems that monitor file access, process interference, and network connections.

Will AI enable unskilled attackers to become sophisticated threat actors?

Marcus Hutchins’ testing shows this is unlikely. When someone unfamiliar with coding and malware techniques tries to use AI to generate malware, they typically get code that doesn’t work. In middle-skill scenarios, AI tends to produce malware using the most common (and therefore most detected) techniques. Only skilled practitioners who already know what they’re doing can effectively use AI to slightly accelerate specific tasks—not replace their expertise.

What was wrong with the MIT research paper claiming AI-powered ransomware?

The paper made demonstrably false claims, including stating that WannaCry (which occurred in 2017) was AI-powered—despite generative AI not existing until November 2022. Multiple security researchers including Marcus Hutchins identified the paper as containing fraudulent claims backed by fraudulent data. It was eventually retracted, but not before being widely cited by executives and vendors promoting AI security products.

Are nation-states building specialized AI models for cyberattacks?

Possibly, and they likely already have. Unlike cybercriminals, nation-states have the funding, compute power, and researchers needed to build sophisticated AI systems like Mythos (which can automate exploit development pipelines). However, even these require highly skilled operators to build the automation pipelines—AI isn’t autonomously creating novel attacks. The risk is if frontier AI companies build highly capable models and release them publicly, or if nation-state models leak.

How can defenders tell if malware was written by AI?

For compiled code, it’s very difficult. For higher-level languages like JavaScript or C# where you can see the original code structure, there are telltale signs: excessive use of emojis in comments and debug output (something no human developer does), verbose comments in various languages, certain coding patterns characteristic of specific AI models, and sometimes obvious hallucinations or logical errors. Marcus Hutchins successfully identified the specific AI model used by a nation-state APT based on emoji usage patterns.

Should organizations change their security strategies because of AI malware?

No dramatic changes are needed. AI isn’t enabling fundamentally new attack vectors—it’s accelerating existing ones. Organizations should focus on security fundamentals: patch known vulnerabilities promptly, implement proper access controls, maintain defense in depth, ensure comprehensive logging and monitoring, and practice incident response. The same attacks that worked before AI still work, and the same defenses that stopped them still apply.

How are defenders using AI effectively?

Security analysts use AI for reverse engineering (giving binaries to AI tools that can quickly analyze and provide leads), automating grunt work that no one wants to do, triaging low-complexity malware samples, collecting and organizing information more efficiently, and creating custom analysis tools. The key is having skilled practitioners who can validate AI output and catch hallucinations—treating AI more like an intern who handles simple tasks while experts verify the work.

Key takeaways

The conversation about AI malware reveals several critical insights:

AI is accelerating existing techniques, not inventing new ones: Threat actors use AI to write code faster, but this doesn’t translate to meaningfully faster or more effective attacks. The malware still operates within the same constraints and gets detected by the same behavioral defenses.

Sensationalism outpaces reality: Fraudulent research papers, exaggerated media coverage, and vendor marketing create a hype cycle that doesn’t match what security practitioners actually observe in the field. WannaCry being called “AI-powered” despite predating generative AI by five years exemplifies this problem.

Polymorphic AI malware is a non-issue: Self-rewriting code existed before AI, and modern security moved to behavioral detection specifically because static signatures don’t work against it. AI making polymorphism easier doesn’t matter when defenders aren’t relying on static detection.

Skill requirements haven’t disappeared: AI doesn’t turn script kiddies into nation-state APTs. Unskilled operators get non-functional code. Mid-skill operators get detected code using common techniques. Only experts can effectively use AI to accelerate specific tasks within their existing workflows.

Emojis are the unexpected tell: One of the most reliable indicators that code was AI-generated is excessive emoji usage in comments and debug output—something human developers never do. Security researchers can sometimes identify the specific AI model used based on emoji patterns.

The real risk is specialized models: Consumer LLMs have safety guardrails. The genuine threat comes if nation-states build specialized models for cyberattacks (which they probably already have) or if frontier companies irresponsibly release highly capable models publicly. Cybercriminals lack the resources to build these themselves.

Fundamentals still matter most: Organizations should focus on patching vulnerabilities, implementing access controls, and maintaining defense in depth. AI hasn’t changed what needs to be protected or how to protect it—it’s just a new tool in the existing threat landscape.

AI helps defenders too: Reverse engineering, grunt work automation, and analysis assistance all benefit from AI. The key is having skilled practitioners validate AI output and catch hallucinations. Think of AI as an intern handling simple tasks while experts verify the work.

The full attack chain matters: Malware doesn’t exist in isolation—it requires delivery mechanisms, command-and-control infrastructure, and operational security. Natural barriers in the attack ecosystem prevent AI from dramatically lowering the skill floor for successful attacks.

Don’t panic, but stay informed: Current threat level ratings from experts: 3-6 out of 10. Real Skynet scenario: 2 out of 10. The sky isn’t falling, but this isn’t “business as usual” either. Monitor developments, focus on fundamentals, and cut through the hype.

This transcript has been edited and condensed for clarity and readability.

For more insights on emerging threats and practical security guidance, subscribe to Expel’s blog and watch the Nerdy 30 series on YouTube. To learn how Expel’s threat intelligence and MDR services protect against evolving threats—AI-powered or otherwise—schedule a demo today.