First Android Malware Using Generative AI Discovered

ESET researchers have discovered PromptSpy, the first known Android malware that uses generative AI in its execution. The malware abuses Google's Gemini model to guide malicious user interface manipulations to achieve persistence on a device. According to the report, PromptSpy can capture lockscreen data and is the first instance of generative AI being deployed in this manner for a mobile threat.

- PromptSpy is the second AI-powered malware discovered by ESET, following their August 2025 discovery of PromptLock, the first known AI-driven ransomware. While PromptSpy uses AI for persistence, its primary goal is to deploy a Virtual Network Computing (VNC) module, giving attackers remote access to the victim's device.
- The malware works by sending an XML dump of the current screen to Google's Gemini, giving the AI detailed information about all user interface elements. Gemini then returns JSON-formatted instructions telling the malware where to tap or long-press to "pin" itself in the recent apps list, making it harder for users to terminate.
- This AI-driven adaptability across different device layouts and Android versions poses a significant challenge for traditional, hardcoded security defenses. To remove the malware, a user must reboot the device into safe mode, where third-party apps are blocked, and then perform a standard uninstallation.
- The incident highlights the dual-use nature of AI models, prompting AI labs to invest heavily in alignment techniques like Reinforcement Learning from Human Feedback (RLHF) and Constitutional AI. In RLHF, human reviewers rank model responses to train a reward model, while Constitutional AI uses a set of principles to enable the model to critique and revise its own outputs, a process sometimes called Reinforcement Learning from AI Feedback (RL-AIF).
- To defend against such threats, security teams are increasingly using synthetic data to train and test AI threat detection systems without risking sensitive information. Generative Adversarial Networks (GANs) like CTGAN and CopulaGAN have proven effective at creating realistic, high-fidelity synthetic network traffic data for training intrusion detection systems.
- The shift from simple data annotation (e.g., labeling stop signs) to providing high-context feedback for frontier models is creating a new "economy of data labeling." This requires domain experts like lawyers and doctors to provide nuanced feedback, with the market for data labeling projected to reach $17 billion by 2030.
- Agentic AI systems, which can act autonomously, introduce new security risks that require specialized evaluation benchmarks. Frameworks like EVMbench are emerging to test agents on tasks like finding and patching vulnerabilities in smart contracts, moving beyond simple accuracy metrics to assess real-world performance in high-stakes environments.
- For AI infrastructure startups, the fundraising climate is robust, with AI-focused companies raising a significant portion of all venture capital in 2025. Investors show massive interest in companies supporting the AI ecosystem, though the environment remains challenging for first-time funds. Go-to-market strategies for these startups are increasingly AI-driven, using predictive analytics for market research and sales projections to accelerate market entry.
