Hyderabad: American tech giant Microsoft has announced Project Ire, an autonomous AI agent, which can analyse and identify malware without any human assistance. This prototype AI model is designed to reverse-engineer software files and decide whether they are safe or harmful.

The AI agent can fully analyse a software file even if it does not have any prior information about the software or its purpose. It uses decompliers and other advanced tools to scan the code, understand its behaviour, and determine whether the software is harmful or not. Developed by Microsoft Research, Microsoft Defender Research, and Microsoft Discovery & Quantum, Project Ire represents a significant advancement in cybersecurity.

Project Ire: Why was it made?

Microsoft Defender, the cybersecurity platform of the company, scans more than a billion active devices monthly via its suite of products. Softwares that run on these devices are manually reviewed by experts. This makes it a challenging task as experts often face alert fatigue and burnout, making it hard for them to maintain consistency across large-scale malware detection.

It is really difficult to conduct malware classification as it requires “judgment calls without definitive validation beyond expert review," Microsoft says. Moreover, many behaviours showcased in malicious files can also appear in legitimate software. This makes it hard to train an AI model that is both accurate and reliable. Here is where Project Ire steps in to automate the process.

To overcome the problem of judgment calls, Microsoft has integrated a system named “chain of evidence” that is a step-by-step audit trail system showcasing how the AI model came to a conclusion. The chain of evidence enables human experts to verify the AI model’s findings and enhance its accountability in case of an error.

Project Ire: How does it work?

The Project Ire begins its analysis by organising and classifying the fickle type and structure of software. It then reconstructs the control flow of the software using tools like Ghidra and angr. The AI model can then call different tools via an API to summarise each code function and add the results to its evidence chain.

Microsoft has also tested the Project Ire in various scenarios to determine its accuracy and reliability. For instance, the tech giant analysed a dataset that contained Windows drivers, malicious files, and a few safe files. The AI model correctly identified 90 per cent of the files, and only 2 per cent of safe files were wrongly tagged as threats.

In this test, Project Ire secured a precision score of 0.98 and a recall of 0.83.

In a real-world scenario, Microsoft gave the AI model 4,000 “hard-target” files, which were not previously reviewed by any other automated systems. These complex files were scheduled to be manually reviewed by expert reverse engineers.

The AI model achieved a high precision score of 0.89, with a false positive rate of just 4 per cent.