Malware authors use nuclear and biological weapons language to evade scanners

Malware authors are embedding nuclear and biological weapons language into malicious code to evade AI-powered security scanners, as flagged by Citizen Lab researcher John Scott Railton. The tactic triggers safety-tuned large language models to refuse analysis, allowing spyware to bypass AI-assisted detection systems.

John Scott Railton @jsrailton , the Citizen Lab spyware researcher, flagged a practical failure mode for AI security tooling this week: malware authors are putting nuclear and biological weapons language into malicious code so safety tuned models refuse to analyze it. Scott Railton wrote in a June 10 thread on X that the goal was to trigger LLM refusals before an AI assisted scanner reached the spyware itself. His point was not that the trick defeats conventional malware detection. It was sh...