A single malware file can outweigh an entire AI dataset
Antivirus vendors and security startups keep shipping AI features that promise to read malware the way a seasoned analyst would. The results inside security teams tell a quieter story. A new paper argues that static analysis of software, the job of deciding whether a program is malicious by examining its contents on disk, remains one of the hardest places to make generative AI work.

The scale of the problem explains much of the difficulty. Standard datasets in other fields look small next to a single security sample. ImageNet, the benchmark that helped launch deep learning in computer vision, fits in about 17 GB once its images are resized down, and it holds more than a million of them. Routine static analysis means processing single files that outweigh entire datasets from other research areas.
A file can outweigh a whole dataset
Big inputs are where the trouble starts. A single program can pass 40 GB on disk, and malware authors pad files on purpose to make them heavier and slower to inspect. The AI tools winning at language and images lean on a simple assumption, that the information you care about sits close together. Software plays by different rules. A program can jump around inside itself, so two steps that run one after another can live far apart in the file. That one property throws off the way current models read data, and the systems that shine on text and photos lose their footing.
What coding assistants get that malware analysis lacks
Coding assistants come up often as proof that AI has cracked this kind of work. The researchers set that comparison aside. A coding assistant runs the code, keeps the original source, and works in a setting where nobody is trying to deceive it. Writing code turns a person’s intent into a specification.
Static analysis runs the opposite direction, taking compiled machine code and recovering the intent and methods buried inside it. A test suite can check whether code works. Confirming a malware verdict can take a trained analyst anywhere from hours to weeks.
The evidence from early deployments
Early demonstrations land somewhere between promising and humbling. Cisco and Google have both put AI agents to work on malware analysis, and the agents can carry real tasks to completion. Speed is another matter. In one demonstration, a set of agents spent 46 minutes on a single sample that carried no serious defenses and stayed modest in size. Set against the cost of an expert doing the same job, that math can still work, especially for a team buried under more alerts than it can clear.
The bigger question is whether the tools help at all. One study found that security professionals given generative AI performed no better than beginners working without it, and they struggled to catch the tool’s mistakes. A survey of 482 reverse engineering tools tied weak adoption to poor usability and thin support for the way analysts work. Research on automation bias adds a caution of its own, since teaching people about the risks of AI leaves that bias in place.
Adversaries that move the target every day
Security carries a wrinkle most fields avoid. The other side adapts. Attackers study each new defense and adjust, so a test built on last year’s threats rewards a model for memorizing a world that has already moved on. Fresh data does the most to stop live attacks, which makes an older benchmark a shaky guide to how a system will hold up.
Sharing the raw material is its own headache. Handing out a library of legitimate software would amount to piracy under copyright law, and companies release only older or partial detection logic through services such as VirusTotal to guard a competitive edge. Researchers on the outside end up short of the ground truth they need. Malware also turns up in under a fifth of attempted breaches, which keeps static analysis a tidy example inside a much larger field.
Alerts, explanations, and the analyst in the loop
Explanation matters most at the front line. An analyst in a security operations center can work through hundreds or thousands of alerts in a single shift, and the fatigue that follows is real. A tool that shows its reasoning saves time on every alert it flags, and it earns its keep during the cleanup after an incident, from locking attackers back out to building patches. “Explainability is not optional,” said the authors.

Demo: Prophet Agentic AI SOC Platform transforms alert triage and investigation