Introduction
Malware has undergone a fundamental transformation. Traditional malware carried static signatures and exhibited predictable behaviors that security tools could catalog and block. AI-enabled malware operates on an entirely different principle: it adapts, mutates, and evolves in response to the defenses it encounters.
This section introduces the new malware paradigm, where machine learning enables code that rewrites itself to evade detection, learns from its environment to optimize its attack strategy, and spreads through AI systems themselves.
Polymorphic and Metamorphic Code
Polymorphic malware changes its appearance with each infection cycle while maintaining its core functionality. The concept is not new—polymorphic viruses date back to the early 1990s—but AI has dramatically increased the sophistication of these mutations.
Traditional polymorphic malware used simple encryption with varying keys or basic code substitution. AI-powered polymorphic malware uses language models to rewrite entire functions, replace algorithms with semantically equivalent alternatives, and restructure control flow in ways that are unique to each instance.
- Polymorphic malware: Changes its binary signature with each infection while preserving functionality
- Metamorphic malware: Completely rewrites its own code, creating genuinely new variants rather than encrypted copies
- AI enhancement: LLMs can generate semantically equivalent code that is syntactically unique, defeating signature-based detection
- Environment-aware mutation: AI malware can analyze the target's security stack and mutate specifically to evade detected tools
Why This Matters: Signature-based antivirus solutions rely on matching known patterns. When every instance of malware is structurally unique—thanks to AI-driven code generation—signatures become fundamentally ineffective as a primary detection mechanism.
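To make the "Why This Matters" point concrete from the defender's side, here is an added example (not code from the original text) that contrasts a byte-level signature with a behavioral fingerprint. The two "variants" and the benign program are constructed stand-ins: the code strings represent bytes on disk and the trace lists represent API calls as a sandbox or EDR sensor would record them. The NOISE_APIS set, the A/W suffix folding and the persistence-then-execute pattern are assumptions chosen for illustration.

```python
from __future__ import annotations

import hashlib
from typing import Iterable, List, Tuple

# Constructed samples. "code" stands in for the file bytes a signature engine
# hashes; "trace" stands in for the API calls a sandbox/EDR sensor records.
# variant_a and variant_b behave identically but look nothing alike on disk.
SAMPLES = {
    "variant_a": {
        "code": b"def run():\n    cfg = load_config()\n    write_and_exec(cfg)\n",
        "trace": [
            ("CreateFileW", r"C:\Users\victim\AppData\Roaming\svc.exe"),
            ("WriteFile", "4096 bytes"),
            ("RegSetValueExW", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
            ("CreateProcessW", r"C:\Users\victim\AppData\Roaming\svc.exe"),
        ],
    },
    "variant_b": {
        # Same behaviour rewritten: renamed functions, junk calls, ANSI APIs.
        "code": b"def entry():\n    _ = sum(range(17))\n    c = fetch_settings()\n    drop(c)\n",
        "trace": [
            ("GetTickCount", ""),
            ("Sleep", "250"),
            ("CreateFileA", r"C:\Users\victim\AppData\Roaming\upd.exe"),
            ("WriteFile", "1024 bytes"),
            ("WriteFile", "3072 bytes"),
            ("GetTickCount", ""),
            ("RegSetValueExA", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
            ("CreateProcessA", r"C:\Users\victim\AppData\Roaming\upd.exe"),
        ],
    },
    "benign_editor": {
        "code": b"def main():\n    doc = open_document()\n    doc.save()\n",
        "trace": [
            ("CreateFileW", r"C:\Users\victim\Documents\notes.txt"),
            ("WriteFile", "512 bytes"),
            ("CloseHandle", ""),
        ],
    },
}

# Calls that say nothing about intent and that code-rewriting engines like to
# sprinkle in as padding (assumption: extend this list from your own telemetry).
NOISE_APIS = {"GetTickCount", "Sleep", "CloseHandle"}


def static_hash(code: bytes) -> str:
    """The classic signature: a hash of the bytes on disk."""
    return hashlib.sha256(code).hexdigest()


def normalize_api(name: str) -> str:
    """Fold ANSI/Unicode pairs (CreateFileA / CreateFileW) onto one name."""
    if len(name) > 1 and name[-1] in "AW" and name[-2].islower():
        return name[:-1]
    return name


def normalize_trace(trace: Iterable[Tuple[str, str]]) -> List[str]:
    """Keep only API names, drop noise calls and collapse consecutive repeats."""
    out: List[str] = []
    for api, _args in trace:
        api = normalize_api(api)
        if api in NOISE_APIS:
            continue
        if out and out[-1] == api:
            continue
        out.append(api)
    return out


def behavior_fingerprint(trace: Iterable[Tuple[str, str]]) -> str:
    """Hash of the normalised call sequence: stable across textual rewrites."""
    return hashlib.sha256("|".join(normalize_trace(trace)).encode()).hexdigest()


# A behavioural "signature" learned from variant_a in the sandbox.
KNOWN_BAD = {behavior_fingerprint(SAMPLES["variant_a"]["trace"]): "dropper/persist-run"}


def classify(sample: dict) -> dict:
    """Report what static hashing sees next to what behavioural matching sees."""
    fp = behavior_fingerprint(sample["trace"])
    return {
        "static_hash": static_hash(sample["code"]),
        "behavior": fp,
        "verdict": KNOWN_BAD.get(fp, "unknown"),
    }


if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        r = classify(sample)
        print(f"{name:14} static={r['static_hash'][:12]} "
              f"behaviour={r['behavior'][:12]} -> {r['verdict']}")
```

Running it shows three distinct static hashes (the signature engine treats every file as new) but identical behavioral fingerprints for the two variants, so the single behavioral rule catches both while leaving the editor alone. The normalization step is where the defensive value lives: junk calls, API aliasing and repeated writes are exactly the cheap mutations a rewriting engine produces, and they disappear before matching.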
AI Malware That Rewrites Itself
The most concerning development in AI-enabled malware is the emergence of self-modifying code that uses embedded machine learning models to make decisions about when, how, and what to modify. These systems can analyze endpoint detection and response (EDR) tools, understand their detection logic, and generate evasion strategies in real time.
Research demonstrations have shown malware that uses LLMs to rewrite its payload delivery mechanisms, generating new dropper code for each target. The malware queries a local or remote LLM with instructions like "rewrite this shellcode loader to avoid detection by Windows Defender" and receives functionally equivalent but structurally novel code.
The Self-Modification Loop
- Deployment: Initial payload arrives via phishing email, exploit, or supply chain compromise
- Environment analysis: AI component identifies installed security tools and OS configuration
- Code generation: LLM generates evasion-optimized variants of key malware components
- Execution and feedback: If detected, the malware adjusts its strategy and generates new variants
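The loop above has an observable shape on the endpoint: a process talks to an LLM endpoint, writes something executable, launches it, and, after a detection, does it again. The following is an added detection example (not code from the original text) that correlates those steps per process over constructed telemetry. The event format, the LLM host names, the 60-second window and the severity rules are all assumptions; a real deployment would map them onto its own EDR fields and its own approved LLM endpoints.

```python
from __future__ import annotations

from collections import defaultdict
from typing import Dict, List, Tuple

# Assumption: the organisation's known LLM endpoints (placeholders, not real hosts).
LLM_HOSTS = {"llm.example.internal", "api.llm-provider.example"}
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".ps1", ".bat", ".vbs", ".js")
WINDOW = 60  # seconds allowed between the LLM call and launching what it produced

# Constructed endpoint telemetry: (timestamp_seconds, pid, event_type, detail).
EVENTS: List[Tuple[int, int, str, str]] = [
    (100, 4242, "net_connect", "llm.example.internal:443"),
    (101, 4242, "file_write", r"C:\Users\victim\AppData\Local\Temp\stage1.ps1"),
    (102, 4242, "process_create", r"powershell.exe -File C:\Users\victim\AppData\Local\Temp\stage1.ps1"),
    (103, 4242, "av_detection", r"C:\Users\victim\AppData\Local\Temp\stage1.ps1"),
    (110, 4242, "net_connect", "llm.example.internal:443"),
    (111, 4242, "file_write", r"C:\Users\victim\AppData\Local\Temp\stage2.ps1"),
    (112, 4242, "process_create", r"powershell.exe -File C:\Users\victim\AppData\Local\Temp\stage2.ps1"),
    # Benign: a chat client using the same endpoint and caching JSON, never executing it.
    (105, 7001, "net_connect", "llm.example.internal:443"),
    (106, 7001, "file_write", r"C:\Users\victim\AppData\Roaming\chat\cache.json"),
]


def detect_self_modification(events, window: int = WINDOW) -> Dict[int, dict]:
    """Per process: LLM call -> executable write -> launch of that file = one cycle.

    A second cycle, or an AV detection in between, is the 'execution and
    feedback' step of the loop and raises severity.
    """
    state = defaultdict(lambda: {"llm_ts": None, "staged": {}, "cycles": [], "av_hits": 0})
    for ts, pid, kind, detail in sorted(events):
        s = state[pid]
        if kind == "net_connect" and detail.rsplit(":", 1)[0] in LLM_HOSTS:
            s["llm_ts"] = ts
        elif kind == "file_write" and detail.lower().endswith(EXECUTABLE_SUFFIXES):
            # Only files written shortly after an LLM exchange are of interest.
            if s["llm_ts"] is not None and ts - s["llm_ts"] <= window:
                s["staged"][detail.lower()] = s["llm_ts"]
        elif kind == "process_create":
            for path, llm_ts in list(s["staged"].items()):
                if path in detail.lower() and ts - llm_ts <= window:
                    s["cycles"].append((llm_ts, ts))
                    del s["staged"][path]
        elif kind == "av_detection":
            s["av_hits"] += 1

    alerts: Dict[int, dict] = {}
    for pid, s in state.items():
        if not s["cycles"]:
            continue
        repeated = len(s["cycles"]) >= 2 or s["av_hits"] > 0
        alerts[pid] = {
            "cycles": len(s["cycles"]),
            "av_hits": s["av_hits"],
            "severity": "high" if repeated else "medium",
        }
    return alerts


if __name__ == "__main__":
    for pid, alert in detect_self_modification(EVENTS).items():
        print(f"pid {pid}: {alert}")
```

The key design choice is that no single event is suspicious on its own: LLM traffic is normal, writing scripts is normal, and running scripts is normal. Only the chain within one process, and above all its repetition after a detection, matches the loop the section describes, which is why the rule keeps per-process state instead of firing on individual events.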
Case Studies: PromptLock and Morris II
PromptLock, demonstrated in 2025, showcased malware that used AI to lock itself against analysis. The malware employed prompt-based obfuscation, making its code appear as benign AI model interactions to security analysts and automated tools. Its behavior was encoded in natural language prompts rather than traditional executable logic.
The Morris II AI worm, named after the original Morris worm of 1988, demonstrated a fundamentally new propagation method. Rather than exploiting software vulnerabilities, Morris II propagated through AI agents by crafting adversarial prompts that caused one AI system to send malicious instructions to connected AI systems.
- PromptLock (2025): Malware using AI-based obfuscation that encodes behavior in natural language rather than binary code
- Morris II: An AI worm that spreads through prompt injection across interconnected AI agents
- Key insight: AI systems themselves have become both the attack vector and the propagation mechanism
The Paradigm Shift: The Morris II worm represents a new category of threat where AI systems are not just tools used by malware—they are the medium through which malware spreads. As organizations deploy more interconnected AI agents, this attack surface will only grow.
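Because the propagation step in the Morris II pattern is an agent re-emitting content it received, the worm leaves a signature in the message graph that an ordinary broadcast does not: the same content is sent by agents that were themselves recipients of it. This added example (not code from the original text or from the Morris II research) runs that check over a constructed agent-to-agent message log. The agent names, the replication payload (a labelled placeholder, not a real prompt) and the threshold of two re-emissions are assumptions.

```python
from __future__ import annotations

import hashlib
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed placeholder standing in for content that asks the receiving
# assistant to pass itself along; deliberately not a working prompt.
PAYLOAD = "<<placeholder: constructed self-propagating content>>"

# Constructed message log: (from_agent, to_agent, content), in delivery order.
MESSAGES: List[Tuple[str, str, str]] = [
    # Legitimate broadcast: one coordinator fans a notice out to several agents.
    ("coordinator", "agent-a", "Weekly sync moved to Thursday 10:00."),
    ("coordinator", "agent-b", "Weekly sync moved  to Thursday 10:00."),
    ("coordinator", "agent-c", "weekly sync moved to thursday 10:00."),
    # Worm-like replication: each recipient re-emits the payload to its peers.
    ("external-mail", "agent-a", PAYLOAD),
    ("agent-a", "agent-b", PAYLOAD),
    ("agent-a", "agent-d", PAYLOAD),
    ("agent-b", "agent-c", PAYLOAD),
    ("agent-d", "agent-e", PAYLOAD),
]


def content_key(text: str) -> str:
    """Hash of whitespace- and case-normalised content so trivial edits collide."""
    return hashlib.sha256(" ".join(text.lower().split()).encode()).hexdigest()


def find_replicating_content(messages, min_re_emissions: int = 2) -> Dict[str, dict]:
    """Flag content that recipients keep forwarding on.

    A re-emission is a message whose sender already received the same content
    earlier in the log. Broadcasts from a single origin never count.
    """
    received_by = defaultdict(set)   # key -> agents that have received it so far
    re_emissions = defaultdict(int)
    senders = defaultdict(set)
    sample = {}
    for sender, recipient, text in messages:
        key = content_key(text)
        sample.setdefault(key, text[:60])
        if sender in received_by[key]:
            re_emissions[key] += 1
        senders[key].add(sender)
        received_by[key].add(recipient)

    return {
        key: {
            "re_emissions": n,
            "distinct_senders": len(senders[key]),
            "agents_reached": len(received_by[key]),
            "sample": sample[key],
        }
        for key, n in re_emissions.items()
        if n >= min_re_emissions
    }


if __name__ == "__main__":
    for key, info in find_replicating_content(MESSAGES).items():
        print(f"replicating content {key[:12]}: {info}")
```

The broadcast is never flagged: the coordinator sends three times but was never a recipient, so its re-emission count stays at zero. The payload is flagged after agent-a forwards it, and the count keeps rising as each new recipient becomes a sender. The same counters can drive a response, for example quarantining a content key once it crosses the threshold so that agents stop accepting it as instructions.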