CR | AI | Apr 10, 2025

Malware analysis assisted by AI with R2AI

arXiv:2504.07574v2 | 4 citations | h-index: 9
Originality: Incremental advance
AI Analysis

This addresses malware analysis efficiency for security professionals, but it is incremental as it builds on existing AI tools and requires human guidance.

This research tackled malware analysis for Linux and IoT malware in 2024-2025 by using AI assistance with r2ai, showing that quality was equal or better than without AI, with significant speed gains and lower costs compared to analyst salaries.

This research studies the quality, speed and cost of malware analysis assisted by artificial intelligence. It focuses on Linux and IoT malware of 2024-2025, and uses r2ai, the AI extension of Radare2's disassembler. Not all malware and not all LLMs are equivalent, but the study shows excellent results with Claude 3.5 and 3.7 Sonnet. Despite a few errors, the quality of analysis is overall equal or better than without AI assistance. For good results, the AI cannot operate alone and must constantly be guided by an experienced analyst. The gain in speed is largely visible with AI assistance, even when taking into account the time needed to understand the AI's hallucinations, exaggerations and omissions. The cost is usually noticeably lower than the salary of a malware analyst, but attention and guidance are needed to keep it under control in cases where the AI would naturally loop without showing progress.
