Skip to content

Malware Bypasses AI-Powered Security Systems with Targeted Code

Bottom line: Malware with code to manipulate LLM-based analysis systems is already circulating; AI security solutions require non-AI-based complementary measures.

Security researchers at SentinelLabs have identified malware specifically designed to manipulate LLM-based analysis systems or block their execution. This new attack method demonstrates that AI security solutions are not automatically more robust than traditional approaches.

SentinelLabs documents the malware under the name macOS.Gaslight, which specifically targets macOS systems. The malicious code contains instructions intended to cause Large Language Model-powered security products to abort their analysis or refuse their implementation. Apple’s XProtect identifies the sample under the rule MACOS_BONZAI_COBUCH; SentinelLabs links the BONZAI signature family to North Korean threat activity.

This is not the first malware of its kind. Checkpoint documented attacks targeting AI-generated analysis for the first time a year ago. This was followed by reports from Socket about payloads with similar bypass mechanisms. The OPSWAT report “The State of File Security” treats this new generation of malware as a trend.

For CISOs, this means that shifting to AI-powered defense mechanisms does not automatically lead to higher security. SentinelLabs warns: While LLM-based analysis is routinely applied, defenders should expect more samples that specifically exploit these systems. A multi-layered approach combining traditional and AI-based techniques remains required.


Source: www.csoonline.com · Published 26 June 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.

Share on: