Hackers are using AI to dissect threat intelligence reports and ‘vibe code’ malware
Trend Micro has called for caution on how much detail is disclosed in security advisories
Threat intelligence reports play a crucial role in helping enterprises keep tabs on emerging threats. These blog posts detail the tactics, techniques, and procedures (TTPs) of a threat group or dissect the makeup of a particular malware strain.
New research, however, shows they could also be doing more harm than good. According to research from Trend Micro, hackers are now using AI to analyze these reports and use them to refine their tactics.
The study showed large language models (LLMs) can translate technical blogs into “partial malicious code” in a dark twist on the “vibe coding” trend.
This not only allows threat actors to speed up attacks or reverse engineer malware strains, it also helps them mimic other groups’ TTPs, creating challenges with the attribution of attacks.
Speaking to ITPro, Robert McArdle, Director of Forward Threat Research at Trend Micro, said the company’s findings highlight the latest example of cyber criminals jumping on the vibe coding bandwagon to wreak havoc.
“We already know that cyber criminals are using vibe coding,” McArdle said. “We’ve seen that in their discussions on criminal forums. We’ve seen existing malware that very much looks like it was vibe coded.”
“It got us thinking, what if you can actually clone an analysis by a researcher to try to re-implement the malware from what they've described?”
McArdle told ITPro the company decided to test this by using AI tools to dissect its own blog posts, which showed some initial promise.
“What came back was quite good,” he said. “It wasn’t the final product. It did need a little bit of tweaking to get it to work, but it certainly took a lot of work out of the way.”
This ‘lightening of the load’ is a key concern, McArdle noted. While AI tools are unlocking productivity gains for workers on the right side of the law, they’re proving equally powerful for criminals.
Worse still, these tools are helping lower the barrier to entry for up-and-coming cyber criminals and accelerating processes for those with a higher level of technical know-how.
“AI lets you jump from your current level of proficiency up to the next level faster,” he told ITPro. “So if you’re a complete novice and you know very little about code, you can vibe code a reasonably okay malware.”
“If you're already skilled and you go to an in-depth analysis of something even more advanced, then it certainly helps you get up to speed on that faster and go from those examples and have some sort of working code,” McArdle continued. “So in each case it levels up the skill set of the attacker.”
Time to tone down the technical details?
Faced with this, McArdle said Trend Micro’s view on threat intelligence reports is that industry providers should consider toning down the technical details.
The company itself has taken this on board and McArdle said a key factor in releasing this research was to raise awareness and let industry counterparts know what’s going on.
“We often release these [threat intelligence reports] to raise awareness, to let people know that you know something is going on,” he said.
“Within those, it's the level of detail that you put in the post that’s the difference. We need to let people know this new attack is happening. Here's the main details you need to know to defend yourself. Here's the bigger world context, and so on,” McArdle added.
“But we probably don't always need to go down to the low-level code of ‘this is exactly how this was implemented, from start to finish’.”
“The more and more you go to that level, the more an AI is capable of reconstructing an approximation of the malware from it,” he said.

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.
He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.
For news pitches, you can contact Ross at ross.kelly@futurenet.com, or on Twitter and LinkedIn.
