cd /news/ai-safety/malware-authors-subvert-ai-detection… · home topics ai-safety article
[ARTICLE · art-48025] src=csoonline.com ↗ pub= topic=ai-safety verified=true sentiment=↓ negative

Malware authors subvert AI detection systems

Malware authors are subverting AI detection systems with code that commands LLM-assisted products to abort analysis. SentinelLabs discovered macOS.Gaslight, a Rust backdoor targeting MacOS systems, which it associates with North Korean threat activity. The malware uses prompt injection to evade AI-based security tools, marking a growing trend in adversarial AI attacks.

read1 min views11 publishedJun 26, 2026

Enterprises that have turned to AI in order to boost their security defenses may have to reconsider their approach.

Malware containing code that commands LLM-assisted products to abort their analysis or refuse to implement it is already circulating, according to a post from security company SentinelLabs.

SentinelLabs thinks it knows who’s responsible for the malware, which attacks MacOS systems. “Apple’s XProtect detects the sample under the rule MACOS_BONZAI_COBUCH, and SentinelLabs associates the BONZAI signature family with North Korean threat activity,” the company wrote.

It’s calling the malware macOS.Gaslight.

This is not the first example of malware specifically targeting AI-generated analysis. As SentinelLabs noted, Checkpoint first documented such an approach exactly a year ago. And Socket followed suit with a report of a payload that also used code to evade detection by AI models.

This new generation of threats was mentioned in the OPSWAT report, The State of File Security and cybersecurity experts are warning that AI-supported protection is not always the answer.

SentinelLabs would certainly agree with that view. “As LLM-assisted analysis becomes routine, defenders should expect more samples built to exploit it,” it wrote.

── more in #ai-safety 4 stories · sorted by recency
── more on @sentinellabs 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/malware-authors-subv…] indexed:0 read:1min 2026-06-26 ·