Detailed Report: Project Ire — Malware Detection, Automated
Autonomous Malware Classification
Project Ire, a prototype developed by Microsoft in collaboration with Microsoft Research, Microsoft Defender Research, and Discovery & Quantum teams, is designed to reverse-engineer software files and classify them as malicious or benign—without any human assistance. It employs advanced tools such as decompilers, memory analysis sandboxes, control-flow reconstruction (using frameworks like angr and Ghidra), and an LLM-powered tool-use API to breakdown and analyze code behavior.Chain of Evidence & Validation
Every analysis produces a transparent "chain of evidence", documenting the logic behind the AI’s decisions. A validator tool cross-checks findings against expert-reviewed evidence, enhancing trust and helping refine misclassifications.Performance Results
Public Windows driver dataset: Achieved 90% accuracy, flagged only 2% of benign files as malicious. Precision: 0.98; Recall: 0.83.
"Hard-target" real-world test (~4,000 challenging files): Maintained high precision (~0.89), with nearly 9 out of 10 flagged files being correctly identified as malicious, but detected only ~25–26% of actual malware. False positive rate remained low (~4%).
Next Steps: Integration into Defender
Based on early success, Microsoft plans to incorporate Project Ire into Microsoft Defender as a Binary Analyzer. The long-term goal is to scale both speed and accuracy, eventually enabling it to detect novel malware—potentially directly in memory at scale.
Summary
Project Ire is Microsoft's prototype AI agent that autonomously reverse-engineers and classifies software to detect malware—achieving up to 90% accuracy with ultra-low false positives in early tests. Though recall remains modest (~25%), its precision and transparency through an evidence trail mark a promising step toward fully automated, scalable cybersecurity. The next milestone: integration into Microsoft Defender for real-world deployment.