AI-generated malware volume and sophistication are rapidly outpacing legacy detection tools, which miss a large fraction of new threats and give IT teams a false sense of security. A study of 500 U.S. IT professionals and real-world tests (e.g., Nimbus Manticore bypassing legacy tools on VirusTotal) show defenders underestimate unseen threats and must adopt preemptive deep learning defenses. #NimbusManticore #SitusAMC
Keypoints
- AI-generated malware is increasing in volume and sophistication, likely far exceeding public detection counts and potentially producing millions of unseen variants daily.
- Legacy detection tools performed poorly in tests: 65 of 73 tools failed to detect AI-generated samples, an 89% miss rate in the experiment cited.
- Despite this poor effectiveness, confidence in legacy defenses remains high among IT professionals (86% believe tools can stop AI malware pre-execution), with younger cohorts and senior leaders reporting particularly high confidence.
- Finance, historically a cybersecurity leader, reports the lowest very-high confidence (26%) in stopping AI-generated attacks pre-execution, highlighting growing industry risk; healthcare is already reporting hundreds of breaches and remains vulnerable.
- Organizations are rapidly adopting AI but often lack strategic direction, risking fast adoption of familiar but outdated security vendors and models that attackers can evade.
- The report argues for shifting from detection-based approaches to deep learning-native, preemptive protection capable of identifying never-before-seen threats before execution.
MITRE Techniques
- [None] No MITRE ATT&CK techniques explicitly mentioned. The only attack description is: "Nimbus Manticore, a sophisticated, AI-engineered malware strain that bypassed every legacy on VirusTotal, except for Deep Instinct, for a full week."
Indicators of Compromise
- [Malware family/name] Referenced threat example: Nimbus Manticore
- [Affected organization] Example of breach context: SitusAMC (third-party vendor breach exposing sensitive financial data)
- [Reporting/platform] Detection and telemetry context: VirusTotal (used to test detection coverage), Identity Theft Resource Center H1 2025 Data Breach Report (cited breach counts)
- [Sector-level indicators] Industry impact context: references to "more than 500 healthcare breaches" and 1,732 publicly reported data compromises in H1 2025 (summary statistics rather than specific hashes or IPs)
Read more: https://www.deepinstinct.com/blog/overconfident-and-underprepared-it-leaders-misjudge-ai-cyber-risk