Microsoft Launches AI Agent Project Ire to Reverse Engineer Malware
Microsoft introduces Project Ire, an AI agent capable of autonomously classifying malware with high precision, announced at Black Hat USA 2025.
Microsoft has unveiled Project Ire, a groundbreaking AI agent designed to autonomously classify malware at a global scale with remarkable precision. Announced at Black Hat USA 2025, the system can reverse engineer software files without prior knowledge of their origin or purpose. It runs decompilers and other tools and analyzes their output to determine whether a file is malicious.
How Project Ire Works
- Advanced Analysis: Project Ire employs advanced language models and a suite of reverse engineering tools to investigate and adjudicate malware.
- Real-World Testing: The prototype successfully analyzed 4,000 "hard-target" files that automated systems had not classified, achieving a precision of 0.98 and recall of 0.83 on public datasets of Windows drivers.
- Validation: The AI agent cross-checks findings with a validator tool, incorporating expert input from malware reverse engineers to produce final reports classifying samples as malicious or benign.
Impact and Future Goals
- First Detection: Project Ire became the first reverse engineer at Microsoft, human or machine, to author a conviction case for an APT malware sample, now blocked by Microsoft Defender.
- Operational Integration: The prototype will be integrated into Microsoft’s Defender organization for threat detection and software classification.
- Long-Term Vision: Microsoft aims to scale the system’s speed and accuracy to detect novel malware directly in memory, addressing analyst burnout and alert fatigue.
Collaboration and Development
Various Microsoft teams, including security experts, AI researchers, and operational specialists, collaborated on Project Ire, leveraging global malware telemetry and AI advancements. For more details, read Microsoft’s blog.
Project Ire represents a significant leap in AI-driven cybersecurity, offering a scalable solution to combat evolving malware threats.
About the Author

Alex Thompson
AI Technology Editor
Senior technology editor specializing in AI and machine learning content creation for 8 years. Former technical editor at AI Magazine, now provides technical documentation and content strategy services for multiple AI companies. Excels at transforming complex AI technical concepts into accessible content.