AI‑Generated Ransomware Bypasses All Major Antivirus: Black Hat 2025 Demo Shocks Security Industry

SlashNext shows AI‑generated ransomware evading major antivirus at Black Hat 2025, shrinking dev timelines from weeks to hours.


[Image: A futuristic SOC wall with a red "Ransomware (AI-Generated)" alert, a code-morphing animation, and a "Black Hat 2025" badge.]

Breaking brief
SlashNext researchers demonstrated AI‑generated ransomware that evaded detection by most major antivirus suites, underscoring how generative tooling compresses malware development from weeks to hours and amplifies polymorphic evasion at scale. [hindustantimes]
The live discussion fits a broader Black Hat 2025 theme in which agentic AI accelerates both attack creation and defense response, forcing enterprises to rethink controls beyond signature‑based AV alone. [halcyon +1]

What exactly was shown
Investigators detailed how generative platforms were orchestrated to produce functional ransomware with minimal manual coding, replacing traditional hand‑built stages with AI‑assisted code generation and refactoring loops. [hindustantimes]
Tests reported that the resulting payloads bypassed the majority of mainstream security suites, with repeated launches mutating structure and indicators to resist fingerprinting, which are hallmarks of polymorphic behavior. [hindustantimes]

How AI slashes development time
Generative models turn high‑level attacker prompts into code scaffolds, iteratively refining encryption, persistence, and unpacking logic in hours instead of the weeks typical of bespoke ransomware families. [hindustantimes]
Black Hat 2025 coverage consistently emphasized this time compression as a core risk multiplier, as attackers automate reconnaissance, building, and QA with agentic AI workflows. [getjavelin +1]

Polymorphism and AV evasion
The demo’s standout was adaptive code variance on each execution, frustrating signature‑driven engines and simple static YARA matches as structure, strings, and control flow shift between runs. [hindustantimes]
SlashNext’s adjacent research into crimeware AIs shows tools that generate Windows‑evasive ransomware on demand and claim Windows Defender bypass, confirming that automated polymorphism is entering attacker toolchains. [scworld]

Why this matters for enterprises
Signature‑first AV cannot keep pace when payloads are machine‑generated variants, making behavior‑centric detection, identity‑aware controls, and rapid telemetry correlation the new baseline. [halcyon +1]
SOC leaders at Black Hat framed agentic AI as the next arms race: defenders must embed AI in triage, anomaly detection, and response while securing their model and tooling supply chains. [getjavelin +1]

Technical analysis highlights

  • Build flow: prompt → code skeleton → lint/refactor → test evasions → pack/persist, with AI agents iterating until static scans go quiet and sandbox triggers drop. [hindustantimes]

  • Evasion set: string obfuscation, encryption of config, randomized imports, API hashing, and packaging variants across runs to defeat simple matching. [hindustantimes]

  • Delivery shift: the same AI pipelines can mass‑personalize lures and TTPs, coupling polymorphic payloads with targeted phishing and vishing at scale. [scworld +1]

What SlashNext researchers have been saying
SlashNext analyses this year spotlight criminal AI platforms that advertise ransomware generation and “no‑jailbreak” model access, with screenshots showing code aimed at bypassing Windows Defender, reflecting the same evasion goals highlighted at Black Hat. [scworld]
Their long‑running reporting also links GenAI adoption to surging phishing volumes, arguing that AI is already widening the top of the funnel that feeds extortion campaigns. [scworld]

Detection playbook for AI‑generated threats

  • Behavior over signatures: prioritize encryption‑at‑scale detectors, bursts of suspicious file operations, shadow copy and backup tampering, and rapid registry/service changes over static byte patterns. [halcyon +1]

  • Model‑in‑the‑loop defenses: use AI to cluster near‑duplicate payloads and emails even when the code and text differ, and score anomaly context across hosts, identities, and network flows. [getjavelin +1]

  • Memory and pipe hunting: watch for reflective loaders, unusual named pipes, and short‑lived injectors that precede filesystem artifacts, especially when static scans are clean. [halcyon]

  • Email and comms: apply AI classifiers to spear‑phishing/vishing patterns and enforce call‑back verification to blunt the OTP harvesting that often precedes encryption or extortion. [scworld +1]
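To make the "behavior over signatures" item concrete, here is an added example (not SlashNext's or any vendor's detector) that scores two behaviors the playbook names, a burst of file creations by one process and a backup/shadow‑copy tampering command line, over constructed Sysmon‑style events. The event layout, the 50‑files‑in‑10‑seconds threshold, and the sample processes are assumptions for the demo; neither rule looks at payload bytes, so a polymorphic rebuild does not change the outcome.

```python
"""Behavior-based ransomware triage over Sysmon-style endpoint events.

Added example, not SlashNext's or any vendor's code. The event records are
constructed to resemble Sysmon Event ID 1 (process create) and Event ID 11
(file create) telemetry; the field names and both thresholds are assumptions.
"""
import os
import re
from collections import Counter, defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: float       # seconds since epoch (constructed)
    pid: int
    image: str      # process image path
    kind: str       # "process_create" or "file_create"
    target: str     # command line (process_create) or file path (file_create)


# Assumed thresholds: 50 file creates by one process inside a 10-second window.
BURST_COUNT = 50
BURST_WINDOW_S = 10.0

# Backup and shadow-copy tampering command lines that commonly precede
# encryption; these patterns are the detection rule (MITRE ATT&CK T1490).
TAMPER_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"bcdedit(\.exe)?.*recoveryenabled\s+no", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
]


def detect(events):
    """Return (rule, pid, detail) alerts for an event stream, oldest first.

    Two behavior rules, neither of which depends on the payload's bytes:
      backup_tamper - a process was launched with a known backup-wiping command line
      file_burst    - one process created >= BURST_COUNT files inside BURST_WINDOW_S,
                      reported once per pid together with the dominant new extension
    """
    alerts = []
    recent = defaultdict(deque)   # pid -> deque of (ts, extension) for file creates
    burst_fired = set()
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "process_create":
            if any(p.search(ev.target) for p in TAMPER_PATTERNS):
                alerts.append(("backup_tamper", ev.pid, ev.target))
        elif ev.kind == "file_create":
            q = recent[ev.pid]
            q.append((ev.ts, os.path.splitext(ev.target)[1].lower()))
            while q and ev.ts - q[0][0] > BURST_WINDOW_S:   # slide the window
                q.popleft()
            if len(q) >= BURST_COUNT and ev.pid not in burst_fired:
                burst_fired.add(ev.pid)
                ext, n = Counter(e for _, e in q).most_common(1)[0]
                alerts.append(("file_burst", ev.pid,
                               f"{len(q)} creates in {BURST_WINDOW_S:.0f}s by {ev.image}; "
                               f"{n} share extension {ext or '(none)'}"))
    return alerts


def sample_events():
    """Constructed telemetry: a benign updater, a shadow-copy wipe, then a mass encryptor."""
    evs = []
    for i in range(20):   # benign: 20 files spread over 60 s never reaches the burst threshold
        evs.append(Event(100.0 + i * 3.0, 1000, r"C:\Program Files\Updater\updater.exe",
                         "file_create", rf"C:\ProgramData\Updater\cache\{i}.tmp"))
    evs.append(Event(199.0, 4300, r"C:\Windows\System32\vssadmin.exe",
                     "process_create", "vssadmin.exe delete shadows /all /quiet"))
    for i in range(60):   # suspicious: 60 re-extensioned documents written in under 5 s
        evs.append(Event(200.0 + i * 0.08, 4242, r"C:\Users\alice\AppData\Local\Temp\svc.exe",
                         "file_create", rf"C:\Users\alice\Documents\report{i}.docx.locked"))
    return evs


if __name__ == "__main__":
    for rule, pid, detail in detect(sample_events()):
        print(f"[{rule}] pid={pid} {detail}")
```

The sliding window is per process, so a slow benign updater never accumulates enough creates to fire, while the encryptor trips the rule on its fiftieth file regardless of how its binary was obfuscated; in a real deployment the thresholds would be tuned per host role and the alert enriched with process lineage.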

Next‑gen security approaches

  • Endpoint: tune EDR to weigh process lineage, LOLBIN abuse, rapid file‑touch rates, crypto API usage patterns, and driver tampering, with model‑based scoring to catch polymorphic shifts. [getjavelin +1]

  • Identity: mandate phishing‑resistant MFA and conditional access; most of a ransomware incident's blast radius comes from stolen tokens and over‑permissioned service accounts. [halcyon]

  • Data: tune DLP for bulk exfiltration patterns and rapidly created compressed archives to counter pure‑extortion plays that skip encryption entirely. [halcyon]

  • AI governance: require vendor telemetry on AI tool usage, kill‑switches for abusive patterns, and audits of the prompts, outputs, and toolchains used in production workflows. [everestgrp +1]
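The "model‑in‑the‑loop" item in the detection playbook and the "model‑based scoring to catch polymorphic shifts" item above both come down to similarity that survives rewording. The following Python is an added example (not SlashNext's or any vendor's tooling) that clusters artifacts by character‑shingle Jaccard similarity with union‑find, so lure variants that hash differently still land in one group; it also scores a new sample against the known set. The lure texts are constructed and the 0.6 threshold is an assumption.

```python
"""Near-duplicate clustering for polymorphic lures and payload string sets.

Added example, not SlashNext's or any vendor's tooling. It groups artifacts that
differ in wording, ordering or a few literals but share most content, using
character 4-gram shingles, Jaccard similarity and union-find. The sample lure
texts are constructed and the 0.6 threshold is an assumption.
"""
from collections import defaultdict


def shingles(text, k=4):
    """Character k-grams over whitespace-normalised, lower-cased text."""
    t = " ".join(text.lower().split())
    if len(t) < k:
        return {t}
    return {t[i:i + k] for i in range(len(t) - k + 1)}


def jaccard(a, b):
    """|A ∩ B| / |A ∪ B|; identical sets score 1.0, disjoint sets 0.0."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def cluster(items, threshold=0.6, k=4):
    """Group indices of items whose pairwise shingle similarity meets the threshold.

    Transitive: if A~B and B~C then A, B and C share one group even when A and C
    alone would fall below the threshold, which is what variant chains look like.
    """
    n = len(items)
    parent = list(range(n))

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    shs = [shingles(it, k) for it in items]
    for i in range(n):
        for j in range(i + 1, n):
            if jaccard(shs[i], shs[j]) >= threshold:
                parent[find(i)] = find(j)
    groups = defaultdict(list)
    for i in range(n):
        groups[find(i)].append(i)
    return sorted(sorted(g) for g in groups.values())


def nearest(candidate, known, k=4):
    """Index and similarity of the most similar known artifact, for scoring new samples."""
    cs = shingles(candidate, k)
    best = max(range(len(known)), key=lambda i: jaccard(cs, shingles(known[i], k)))
    return best, jaccard(cs, shingles(known[best], k))


# Constructed sample: three rewordings of one credential-phishing lure plus one
# unrelated internal notice. Each variant would hash differently yet clusters together.
SAMPLE_LURES = [
    "Your mailbox is almost full. Verify your account within 24 hours to avoid suspension. Open the secure link to continue.",
    "Your mailbox is nearly full. Verify your account within 24 hours to avoid suspension. Open the secure link to continue.",
    "Your mailbox is almost full. Confirm your account within 48 hours to avoid suspension. Open the secure link to continue.",
    "Reminder: the quarterly budget review moves to Thursday at 10am in room 4B. Bring the updated forecast slides.",
]

if __name__ == "__main__":
    for g in cluster(SAMPLE_LURES):
        print("cluster:", g)
    print("nearest to new variant:",
          nearest("Your mailbox is nearly full. Confirm your account within 48 hours.", SAMPLE_LURES))
```

The same routine works on the string tables extracted from payload variants (feed each sample's concatenated strings as one item); swapping the pairwise loop for MinHash/LSH is the usual step once the corpus grows beyond a few thousand items.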

How Alfaiz Nova tested this (lab blueprint)

  • Environment: isolated hypervisor lab with Windows and Linux VMs, offline EDR/AV mirrors, and traffic capture, never touching production networks.

  • Method: replay benign polymorphism harnesses and known ransomware simulators to validate behavior‑based detections without deploying live malware, measuring signal quality against static‑only engines.

  • Telemetry: collection of ETW, Sysmon, EDR events, and full‑packet PCAPs to trace encryption attempts, pipe/process graphs, and API calls, plus email classifiers for AI‑styled lures.

  • Outcome goal: verify that behavior and identity controls trigger regardless of code variance, while confirming that static signatures alone miss the polymorphic runs, as expected.

FAQ

  • Did the demo truly bypass “all” AV engines? Reports say “most” major suites were evaded in testing, which is enough to reset risk assumptions even if some engines flagged variants.

  • Is this a brand‑new malware capability? The novelty is speed and scale: agentic AI makes polymorphic ransomware easier and faster to produce and iterate than traditional bespoke development cycles.

  • Can AV still help? Yes, as part of a layered stack: pair modern EDR, identity controls, and AI‑assisted anomaly detection with careful email/web filtering and disciplined backup hygiene.

Hey there! I’m Alfaiz, a 21-year-old tech enthusiast from Mumbai. With a BCA in Cybersecurity, CEH, and OSCP certifications, I’m passionate about SEO, digital marketing, and coding (mastered four languages!). When I’m not diving into Data Science or AI, you’ll find me gaming on GTA 5 or BGMI. Follow me on Instagram (@alfaiznova, 12k followers, blue-tick!) for more. I also run https://www.alfaiznova.in for gadget comparisons and the latest information about gadgets. Let’s explore tech together!