Microsoft has developed Project Ire, an AI prototype that can autonomously reverse engineer software to identify malware, a task typically performed by human security researchers.
The prototype can fully reverse engineer software without prior clues about its origin or purpose. In a Microsoft test, Project Ire accurately identified 90% of malicious Windows driver files, flagging only 2% of benign files as dangerous. Microsoft stated, “This low false-positive rate suggests clear potential for deployment in security operations, alongside expert reverse engineering reviews.”
Project Ire differs from traditional antivirus engines, which scan for known code strings, patterns, or behaviors. Hackers consistently evolve their techniques to conceal malicious functions, making new attacks difficult to detect. Such techniques include abusing legitimate software functions to download malicious modules at a later stage.
The IT security industry has previously used AI, including machine learning, for malware detection. Microsoft’s Project Ire, however, utilizes large language models to investigate and flag security threats. Redmond added, “Project Ire attempts to address these challenges by acting as an autonomous system that uses specialized tools to reverse engineer software. The system’s architecture allows for reasoning at multiple levels, from low-level binary analysis to control flow reconstruction and high-level interpretation of code behavior.”
Microsoft reported that, by identifying key features, the AI program detected a Windows-based rootkit and another malware sample designed to deactivate antivirus software. Project Ire was also able to “author a conviction case, a detection strong enough to justify automatic blocking,” which led Microsoft to flag and block a malware sample linked to an elite hacking group.
Microsoft positions Project Ire as a tool to assist security researchers and IT staff. The company plans to deploy the AI within the team developing Microsoft Defender as a “Binary Analyzer for threat detection and software classification.” Microsoft stated, “Our goal is to scale the system’s speed and accuracy so that it can correctly classify files from any source, even on first encounter.”
The AI program remains a prototype with limitations. In another Microsoft test involving nearly 4,000 files scheduled for manual review, Project Ire achieved a high precision score of 0.89, indicating that nearly 9 out of 10 files it flagged as malicious were indeed malware. Its recall, however, was much lower: Project Ire detected only approximately one-quarter of all actual malware within the scanned files.
Microsoft noted, “While overall performance was moderate, this combination of accuracy and a low error rate suggests real potential for future deployment.”