Check Point Research has identified what appears to be the first documented instance of malware attempting to bypass AI-powered threat detection through prompt injection. Rather than evading through traditional code obfuscation, the malware embedded instructions designed to deceive large language models (LLMs) into misclassifying it as safe.
This development marks the beginning of a new class of attack tactics known as AI evasion—where threat actors exploit the behavior of generative AI tools used in cybersecurity workflows.
Inside the code: An instruction targeting the AI
Discovered in early June 2025 on VirusTotal, the malware sample originated from the Netherlands and appeared incomplete at first glance. It featured known sandbox evasion techniques and an embedded TOR client, but what stood out was a plaintext string that mimicked an instruction to an AI.
Also read:
The embedded prompt attempted to override previous commands given to the AI and requested the model to respond with “NO MALWARE DETECTED.” The intention was to hijack the AI’s interpretive logic and produce a false clean verdict—posing significant implications for automated reverse engineering workflows that rely on LLMs.
The injection failed—this time
When tested, the injection attempt was unsuccessful. The AI system flagged the file as malicious and identified the manipulation attempt. However, researchers view this incident as an early signal of a coming wave of adversarial inputs targeting AI-based security systems.
As generative AI becomes more deeply integrated into malware analysis and detection, attackers are expected to refine such tactics. The emergence of prompt injection as a vector underscores the importance of building AI tools that are resilient not only to technical exploits but also to adversarial manipulation.
Check Point warns that even failed attempts provide valuable insight into how attackers are adapting. The future of cybersecurity will increasingly depend on defending against not just traditional threats—but also inputs designed to mislead the AI itself.
