Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Malware Delivery via Windows Native AI Stack

1 unique source, 1 article

Summary

A security researcher has demonstrated a living-off-the-land (LotL) attack that uses Windows' native AI stack to deliver malware. The attack leverages Open Neural Network Exchange (ONNX) files, which are treated as trusted, to bypass security engines. The method involves embedding malicious payloads in AI models, which are then loaded and executed using trusted Windows APIs. The attack exploits the inherent trust that Windows and security programs place in ONNX files, making it difficult for security tools to detect the malware. The researcher suggests that security tools need to be reworked to monitor AI files and their associated activities. This technique highlights a new vector for malware delivery, emphasizing the need for enhanced security measures in AI-driven systems.

Timeline

  1. 30.10.2025 21:47 · 1 article

    Researcher Demonstrates Malware Delivery via Windows Native AI Stack

    A security researcher has demonstrated a living-off-the-land (LotL) attack that uses Windows' native AI stack to deliver malware. The attack leverages Open Neural Network Exchange (ONNX) files, which are treated as trusted, to bypass security engines. The method involves embedding malicious payloads in AI models, which are then loaded and executed using trusted Windows APIs. The attack exploits the inherent trust that Windows and security programs place in ONNX files, making it difficult for security tools to detect the malware. The researcher suggests that security tools need to be reworked to monitor AI files and their associated activities.

Information Snippets