"Agentic AI is beginning to reshape malware detection and broader security operations. These systems are being used not to replace humans, but to take on the lower value jobs that have historically tied up analysts - from triaging alerts to reverse-engineering suspicious files. Microsoft's Project Ire is a recent high-profile example. The agent autonomously reverse-engineers software and recently produced the first AI-authored "conviction" strong enough for Windows Defender to block an advanced persistent threat (APT)."
"The company has also previewed a Phishing Triage Agent that processes user-reported emails and generates natural-language rationales for security teams. Other vendors are moving in the same direction. CrowdStrike has embedded Charlotte AI into its Falcon platform, enabling automated triage with contextual explanations. ReliaQuest's GreyMatter platform incorporates agentic AI to automate elements of detection, investigation, and response across integrated security tools."
"Research groups are also contributing. Google's Big Sleep agent uncovered a critical SQLite vulnerability (CVE-2025-6965), while its Sec-Gemini model is enhancing forensic workflows for threat and root cause analysis. Although they target different problems, from malware analysis to phishing detection to forensic workflows, these systems share a similar design philosophy. They don't just produce a classification, they generate outputs structured for analyst review, making transparency a central part of their operation."
Agentic AI automates routine security operations such as alert triage, malware reverse-engineering, phishing triage, and forensic workflows. Project Ire autonomously reverse-engineers software and produced an AI-authored conviction enabling Windows Defender to block an APT; tests showed high precision on driver datasets (0.98) and telemetry (~89%) but lower recall in telemetry (25%), making the agent well-suited to triage where minimizing false positives is critical. Vendors including CrowdStrike and ReliaQuest and research groups like Google are integrating agentic systems to automate detection, investigation, and response. These agents generate structured outputs and evidence chains to support transparent analyst review.
Read at InfoQ
Unable to calculate read time
Collection
[
|
...
]