Training
Featured CourseView All Courses
Get a Free Hour of SANS Training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training, Courses, and Resources
Can't find what you are looking for?

Let us help.

Contact us
Community Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely.

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk With an Expert
Talk With an Expert

Fixing What You Broke: Can AI Be Used to Thwart AI-Generated Malware?

Login to download
Fixing What You Broke: Can AI Be Used to Thwart AI-Generated Malware? (PDF, 0.88MB)Published: 03 Sep, 2025
Created by:
Owen Slubowski

AI has increased accessibility to beneficial technological capabilities for organizations and ushered in a new era of advanced threats. With the help of AI, the generation of new and dangerous malware is faster and easier to develop than ever before. This paper investigates whether legacy tools such as VirusTotal, MetaDefender, and Hybrid Analysis remain effective in detecting modern threats and explores the alternative of using AI as a detection technique. This paper will compare the results of AI-generated malware analysis using legacy tools and various AI models and prompts to develop best practices to protect organizations of all sizes. The results show that AIassisted malware analysis is significantly more effective at detecting these new threats than legacy approaches and provides vital analysis. Throughout testing, ChatGPT has been proven to be the most effective model for malware analysis. This paper also explores how AI file analysis can be automated using the low-code automation solution N8n to further augment detection. The implications of this research can help organizations defend their interests more cost-effectively amid rapid technological change.

Additional resources

Own AI Securely: The SANS Secure AI Blueprint

WhitepaperArtificial Intelligence
  • 9 Sep 2025
  • Rob T. Lee

Securing The Cloud: Persistent Challenges, Emerging Threats, and The Rise of AI Defense

WhitepaperArtificial Intelligence
  • 9 Sep 2025
  • Dr. Anton Chuvakin, Dr. Paul Vixie, Frank Kim, Simon Vernon, Brandon Evans, Dave Shackleford, Wesley Kuzma

SANS 2025 AI Survey: Measuring AI’s Impact on Security Three Years Later

WhitepaperArtificial Intelligence
  • 3 Sep 2025
  • Ahmed Abugharbia

AI-Driven SecOps: Unifying Controls, Automating Response, and Advancing the Modern SOC Using Cortex XSIAM

WhitepaperArtificial Intelligence
  • 29 Jul 2025
  • Dave Shackleford

Trust But Verify: Evaluating the Accuracy of LLMs in Normalizing Threat Data Feeds

WhitepaperArtificial Intelligence
  • 16 Jul 2025

Do AI Coding Assistants Make Bad Coders Worse? A Security Evaluation of GitHub Copilot

WhitepaperArtificial Intelligence
  • 11 Jul 2025

Related courses

  • Slide 1 of 13

    SEC503: Network Monitoring and Threat Detection In-Depth

    Intermediate
    SEC503Cyber Defense
    SEC503: Network Monitoring and Threat Detection In-Depth
    • GIAC Certified Intrusion Analyst (GCIA)
    • 6 Days (Instructor-Led)
    • 46 CPEs / 46 Hours (Self-Paced)
    • Labs: 37 Hands-On Labs

    View course detailsRegister
  • Slide 2 of 13

    LDR512: Security Leadership Essentials for Managers

    Intermediate
    LDR512Cybersecurity Leadership
    LDR512: Security Leadership Essentials for Managers
    • GIAC Security Leadership (GSLC)
    • 5 Days (Instructor-Led)
    • 30 CPEs / 30 Hours (Self-Paced)
    • Labs: 22 Hands-On Labs

    View course detailsRegister
  • Slide 3 of 13

    SEC497: Practical Open-Source Intelligence (OSINT)

    Intermediate
    SEC497Cyber Defense
    SEC497: Practical Open-Source Intelligence (OSINT)
    • GIAC Open Source Intelligence (GOSI)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 29 Hands-On Labs

    View course detailsRegister
  • Slide 4 of 13

    SEC450: SOC Analyst Training – Applied Skills for Cyber Defense Operations

    Major UpdatesIntermediate
    SEC450Cyber Defense
    SEC450: Blue Team Fundamentals: Security Operations and Analysis
    • GIAC Security Operations Certified (GSOC)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 22 Hands-On Labs

    View course detailsRegister
  • Slide 5 of 13

    SEC545: GenAI and LLM Application Security

    newAdvanced
    SEC545Cloud Security
    SEC545: GenAI and LLM Application Security
    • 3 Days (Instructor-Led)
    • 18 CPEs / 18 Hours (Self-Paced)
    • Labs: 11 Hands-On Labs

    View course detailsRegister
  • Slide 6 of 13

    SEC587: Advanced Open-Source Intelligence (OSINT) Gathering and Analysis

    Advanced
    SEC587Cyber Defense
    SEC587
    • GIAC Strategic OSINT Analyst (GSOA)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 28 Hands-On Labs

    View course detailsRegister
  • Slide 7 of 13

    SEC511: Cybersecurity Engineering: Advanced Threat Detection and Monitoring

    Intermediate
    SEC511Cyber Defense
    SEC511: Continuous Monitoring and Security Operations
    • GIAC Continuous Monitoring Certification (GMON)
    • 6 Days (Instructor-Led)
    • 46 CPEs / 46 Hours (Self-Paced)
    • Labs: 18 Hands-On Labs

    View course detailsRegister
  • Slide 8 of 13

    AIS247: AI Security Essentials for Business Leaders

    Essentials
    AIS247Cybersecurity Leadership
    LDR414: SANS Training Program for CISSP® Certification
    • 2 CPEs / 2 Hours (Self-Paced)

    View course detailsRegister
  • Slide 9 of 13

    LDR514: Security Strategic Planning, Policy, and Leadership

    Advanced
    LDR514Cybersecurity Leadership
    LDR514: Security Strategic Planning, Policy, and Leadership
    • GIAC Strategic Planning, Policy, and Leadership (GSTRT)
    • 5 Days (Instructor-Led)
    • 30 CPEs / 30 Hours (Self-Paced)
    • Labs: 32 Hands-On Labs

    View course detailsRegister
  • Slide 10 of 13

    SEC495: Leveraging LLMs: Building & Securing RAG, Contextual RAG, and Agentic RAG

    Essentials
    SEC495Cyber Defense
    SEC495: Leveraging LLMs: Building & Securing RAG, Contextual RAG, and Agentic RAG
    • 7 CPEs / 7 Hours (Self-Paced)

    View course detailsRegister
  • Slide 11 of 13

    FOR563: Applied AI for Digital Forensics and Incident Response: Leveraging Local Large Language Models

    newIntermediate
    FOR563Digital Forensics and Incident Response
    FOR509: Enterprise Cloud Forensics and Incident Response
    • 1 Day (Instructor-Led)
    • 6 CPEs / 6 Hours (Self-Paced)
    • Labs: 4 Hands-On Labs

    View course detailsRegister
  • Slide 12 of 13

    SEC598: AI and Security Automation for Red, Blue, and Purple Teams

    Major UpdatesIntermediate
    SEC598Offensive Operations
    SEC598: AI and Security Automation for Red, Blue, and Purple Teams
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 25 Hands-On Labs

    View course detailsRegister
  • Slide 13 of 13

    SEC535: Offensive AI - Attack Tools and Techniques

    newIntermediate
    SEC535Offensive Operations
    SEC535: Offensive AI - Attack Tools and Techniques
    • 3 Days (Instructor-Led)
    • 18 CPEs / 18 Hours (Self-Paced)
    • Labs: 14 Hands-On Labs

    View course detailsRegister