Simplified infection diagram | Image: IBM
Cybersecurity investigators at IBM X-Force have identified a disturbing new milestone in the evolution of digital threats: the discovery of a novel malware dubbed “Slopoly,” which researchers believe was likely generated using artificial intelligence.
The malware was discovered during a ransomware attack conducted by Hive0163, a financially motivated group primarily focused on large-scale data exfiltration and extortion. While the group’s adoption of AI is still in its early stages, the emergence of Slopoly signals a fundamental shift in the threat landscape.
The true danger of Slopoly lies not in its complexity, but in the efficiency of its creation. By leveraging AI, even relatively “unspectacular” malware can be developed at a pace that was previously impossible for human coders.
As the IBM X-Force report notes:
“AI-generated malware such as Slopoly shows how easily threat actors can weaponize AI to develop new malware frameworks in a fraction of the time it used to take.”
This rapid development cycle allows groups like Hive0163 to iterate on their tools quickly, potentially overwhelming traditional defense mechanisms that rely on identifying established malware signatures.
According to X-Force, we are currently in the “initial phase” of an emerging AI arms race. While Slopoly represents AI-driven development, the industry is already seeing the first signs of agentic AI and AI-integrated malware.
These advanced systems allow AI models to make autonomous decisions during every stage of an attack—from initial reconnaissance to the management of complex command-and-control (C2) frameworks.
“The second stage is the use of agentic AI, and AI-integrated malware, which allow models to make decisions during all phases of the attack chain or during development and testing of advanced C2 frameworks.”
The impact of this shift depends heavily on how accessible weaponizable AI becomes to different tiers of threat actors. While state-sponsored groups may develop proprietary technology, many criminal clusters are expected to rely on free, anonymous, or self-hosted models to evade security filters.
The report issues a stark warning about the potential consequences of uncontrolled AI technology:
“An uncontrolled release of technologies without sufficient security measures could unleash a Pandora’s box, which is something defenders should be prepared for.”