AI-Generated PowerShell Malware: An Experimental Framework and Dataset

📅 2026-06-29
📈 Citations: 0
Influential: 0
📄 PDF
🤖 AI Summary
This study addresses the emerging cybersecurity threat posed by the misuse of generative artificial intelligence to produce PowerShell-based malware. To systematically evaluate this risk, we introduce a dedicated dynamic analysis sandbox—the first of its kind specifically designed for AI-generated PowerShell malicious scripts—and release the first real-world dataset of such scripts accompanied by natural language annotations. Leveraging this framework, we fine-tune and assess open-source large language models, employing Jaccard similarity metrics alongside runtime malicious behavior tracking. Our experiments demonstrate that the AI-generated scripts exhibit a high degree of behavioral fidelity to real-world malware at the operating system level, achieving a median Jaccard index of 84.5%, with 48.4% of generated samples showing complete overlap in malicious behaviors.
📝 Abstract
Generative AI has emerged as a significant cybersecurity threat, with several recent attack campaigns leveraging LLMs to generate code for malicious purposes via scripting languages such as PowerShell. Consequently, for cybersecurity analysts, it is imperative to investigate the offensive capabilities of AI code generators. In this paper, we propose an experimental framework to assess LLM-generated PowerShell malware, which comprises a novel sandbox approach for dynamic analysis of AI-generated malware. Furthermore, we present a novel, manually curated dataset of real-world PowerShell malware, annotated in natural language to assist the training and evaluation of LLMs. Finally, this study evaluates permissive, open-weight LLMs adapted to PowerShell malware generation. Our results reveal a high degree of similarity between real malware and LLM-generated ones in terms of triggered OS malicious events, with a median Jaccard index of 84.5% and 48.4% of instances achieving complete overlap.
Problem

Research questions and friction points this paper is trying to address.

AI-generated malware
PowerShell
LLM
cybersecurity threat
malware analysis
Innovation

Methods, ideas, or system contributions that make the work stand out.

Generative AI
PowerShell malware
Dynamic analysis sandbox
Manually curated dataset
LLM security evaluation
🔎 Similar Papers
No similar papers found.
L
Luciano Pianese
Department of Electrical Engineering and Information Technology (DIETI), Università degli Studi di Napoli Federico II, Naples, Italy
V
Vittorio Orbinato
Department of Electrical Engineering and Information Technology (DIETI), Università degli Studi di Napoli Federico II, Naples, Italy
Pietro Liguori
Pietro Liguori
Assistant Professor, University of Naples Federico II
AI TrustworthinessLarge Language ModelsCode GenerationFault-Injection
Roberto Natella
Roberto Natella
Associate Professor, Università degli Studi di Napoli Federico II
Software DependabilitySoftware Security