Microsoft Unveils AI That Analyzes Malware Autonomously

On Tuesday, Microsoft unveiled a new artificial intelligence (AI) agent capable of independently analyzing and classifying malware. Named Project Ire, this prototype AI system has been tested in both controlled settings and real-world conditions. It boasts the ability to reverse engineer software autonomously and analyze it on multiple levels to determine whether a file is benign or malicious. In a field where AI typically requires human oversight, Project Ire has demonstrated a notable precision rate.

Integration of Project Ire into Microsoft Defender

In a recent blog post, Microsoft elaborated on Project Ire and its functionalities. This agentic system was developed through collaboration among the Microsoft Research, Defender Research, and Microsoft Discovery & Quantum divisions. The company indicated that the AI agent is built upon several advanced language models and a suite of binary analysis tools.

Microsoft’s Defender platform currently monitors over one billion active devices monthly, presenting significant challenges for human analysts. Although the complexity of reverse engineering software for malware detection has kept AI out of this domain, the introduction of Project Ire marks a shift in that approach.

Classifying software as malware, especially before it is executed, often requires subjective judgment. Many software programs employ reverse engineering protections that make it difficult for analysts to reach a definitive conclusion regarding their nature.

While there are various methods to tackle this issue, they entail incrementally investigating each software sample, accruing evidence with every analysis, and validating findings based on existing software behavior databases.

According to Microsoft, Project Ire effectively navigates these challenges by utilizing specialized tools that permit the AI to autonomously reverse engineer software at various levels, including low-level binary analysis, control flow reconstruction, and high-level behavior interpretation.

When operational, the prototype identifies the file type, structure, and areas of interest. It then reconstructs the software’s control flow graph using multiple frameworks. This process is followed by iterative function analysis to pinpoint and summarize key functions.

As part of its operation, Project Ire generates a comprehensive, auditable report that documents the evidence gathered during the analysis. This log can be reviewed by human analysts, providing a final check against potential misclassification.

Additionally, the AI agent includes a validator tool that cross-references the report’s findings with expert statements from the malware reverse engineers on the Project Ire team. Early testing suggests that Project Ire successfully identified 90 percent of files, with only two percent of benign software incorrectly flagged as malware, achieving a precision of 0.98 and a recall of 0.83.

Notably, the AI agent has also been tested in real-world situations. Microsoft tasked it with examining nearly 4,000 unclassified files, asserting that these were created after the training cutoff, meaning the agent could not have been exposed to them during its learning phase.

Fully autonomous in its operation, Project Ire reportedly achieved a precision score of 0.89, accurately identifying 90 percent of the files assessed, with a claimed false positive rate of four percent.

“Given these promising early outcomes, we plan to integrate the Project Ire prototype into Microsoft’s Defender organization as a Binary Analyzer for enhanced threat detection and software classification,” the company stated.
