Malware authors subvert AI detection systems Malware authors are subverting AI detection systems with code that commands LLM-assisted products to abort analysis. SentinelLabs discovered macOS.Gaslight, a Rust backdoor targeting MacOS systems, which it associates with North Korean threat activity. The malware uses prompt injection to evade AI-based security tools, marking a growing trend in adversarial AI attacks. Enterprises that have turned to AI in order to boost their security defenses may have to reconsider their approach. Malware containing code that commands LLM-assisted products to abort their analysis or refuse to implement it is already circulating, according to a post https://www.sentinelone.com/labs/macos-gaslight-rust-backdoor-turns-prompt-injection-on-the-analyst-not-the-sandbox/ from security company SentinelLabs. SentinelLabs thinks it knows who’s responsible for the malware, which attacks MacOS systems. “Apple’s XProtect detects the sample under the rule MACOS BONZAI COBUCH, and SentinelLabs associates the BONZAI signature family with North Korean threat activity,” the company wrote. It’s calling the malware macOS.Gaslight. This is not the first example of malware specifically targeting AI-generated analysis. As SentinelLabs noted, Checkpoint first documented such an approach https://research.checkpoint.com/2025/ai-evasion-prompt-injection/ exactly a year ago. And Socket followed suit with a report of a payload https://socket.dev/blog/mini-shai-hulud-miasma-and-hades-worms-target-bioinformatics-and-mcp-developers-via-malicious that also used code to evade detection by AI models. This new generation of threats was mentioned in the OPSWAT report, The State of File Security https://www.opswat.com/resources/reports/ponemon-state-of-file-security and cybersecurity experts are warning https://www.csoonline.com/article/4053107/ai-prompt-injection-gets-real-with-macros-the-latest-hidden-threat.html that AI-supported protection is not always the answer. SentinelLabs would certainly agree with that view. “As LLM-assisted analysis https://www.sentinelone.com/labs/building-an-adversarial-consensus-engine-multi-agent-llms-for-automated-malware-analysis/ becomes routine, defenders should expect more samples built to exploit it,” it wrote.