August 8, 2025
James Coker
Microsoft's Project Ire AI agent autonomously reverse engineers malware with high precision, enhancing threat detection and reducing analyst fatigue.
Microsoft Unveils Project Ire: AI Agent That Autonomously Reverse Engineers Malware
Microsoft has unveiled a new AI agent named Project Ire, capable of autonomously classifying malware at a global scale with remarkable precision. Announced during Black Hat USA 2025, Project Ire can fully reverse engineer software files without any prior knowledge of their origin or purpose. It leverages decompilers and other analysis tools to examine the software’s output and determine whether it is malicious or benign. The system integrates advanced language models with a suite of callable reverse engineering and binary analysis tools to conduct investigations and make adjudications.
The prototype has demonstrated strong efficacy in tests, including a real-world scenario involving approximately 4,000 "hard-target" files that automated systems had failed to classify. According to a Microsoft blog post dated August 5, Project Ire has achieved a precision of 0.98 and a recall of 0.83 using public datasets of Windows drivers.
"It was the first reverse engineer at Microsoft, human or machine, to author a conviction case – a detection strong enough to justify automatic blocking – for a specific advanced persistent threat (APT) malware sample, which has since been identified and blocked by Microsoft Defender," the Project Ire researchers wrote.
Project Ire also employs a validator tool that cross-checks its initial findings. This validator draws on expert statements from malware reverse engineers on the Project Ire team. Using this evidence alongside its internal model, the system generates a final report classifying the sample as malicious or benign.
The development of Project Ire involved collaboration among various Microsoft teams, combining security expertise, operational knowledge, global malware telemetry, and AI research.
Project Ire Available to Microsoft Customers
Following successful preliminary testing, Microsoft plans to integrate the Project Ire prototype within its Defender organization as a binary analyzer for threat detection and software classification.
"Our goal is to scale the system’s speed and accuracy so that it can correctly classify files from any source, even on first encounter. Ultimately, our vision is to detect novel malware directly in memory, at scale," the researchers noted.
The agent aims to alleviate burnout and alert fatigue experienced by security analysts. Traditional AI malware analysis tools often fail to clearly indicate whether a sample is malicious or benign, forcing analysts to investigate each sample incrementally.
Source attribution: Originally published at Infosecurity Magazine on Thu, 07 Aug 2025.