Once antivirus software got smarter, malware learned to shapeshift. Polymorphic code scrambled itself into new forms every time it spread; metamorphic malware rewrote itself entirely. The infamous Storm Worm showed how this trick worked in the real world, running a botnet of millions while constantly changing costume.
Security companies chased it like a bad cartoon; every time they closed in, the worm was already wearing a new mask.
This year, things have gotten more complicated. In mid-2025, security firm ESET announced the discovery of PromptLock, calling it the world’s first AI-powered ransomware. That caused a stir until researchers revealed it was actually a New York University academic project: a controlled proof-of-concept, not an active criminal strain. A good reminder that hype spreads almost as fast as malware itself.
Meanwhile, cybercriminals are busy using generative AI for more grounded attacks. Deepfake voices are tricking employees into wiring money, and phishing emails now look like they were written by your company’s legal department. Darktrace also reported signs of attackers using reinforcement learning to adjust their moves in real time, like a chess player who never stops studying openings.
The nightmare of a fully autonomous, self-learning worm has not arrived yet, but the groundwork is being laid.
Traditional antivirus works like a nightclub bouncer with a clipboard; it checks known troublemakers and tosses them out. AI malware does not bother faking IDs; it shapeshifts until it looks like the manager’s best friend. Signature detection fails, behavioural monitoring struggles, and the gap widens every year.
Defenders now rely on layers: heuristics, anomaly detection, endpoint monitoring and AI pattern recognition. The unfair part is obvious: defenders must cover every possible entrance, while attackers only need one open window.
The story of ILOVEYOU and early email worms – Wired
Symantec on Storm Worm and polymorphic malware – Symantec Security Response
IBM’s DeepLocker AI malware proof-of-concept – MIT Technology Review
Kaspersky on AI-assisted malware evasion – Kaspersky
Darktrace research on reinforcement learning in cyberattacks – Ars Technica
Trend Micro State of AI Security Report, 1H 2025 – Trend Micro
Darktrace forensic acquisition & investigation launch (Sept 2025) – SiliconANGLE
PromptLock ransomware origins (NYU project, 2025) – Tom’s Hardware
Rise of deepfake attacks targeting small businesses (2025) – TechRadar
