Key Takeaways
- Most “AI malware” observed so far falls into Levels 1-3 (Experimenting through Optimizing) of the AI Malware Maturity Model (AIM3), rather than being fully automated campaigns.
- AI is currently a force multiplier on existing attacker tradecraft, not a source of fundamentally new TTPs.
- Many “first-ever AI malware” announcements are narrow research demos or PoCs with limited autonomy and unclear real-world impact.
- Public reporting shows no confirmed examples of truly embedded, Bring-Your-Own-AI (BYOAI) malware running its own local model on victim hosts.
- Defenders should prioritize monitoring abuse of legitimate AI services, hardening existing controls, and mapping threats to AIM3 levels rather than overreacting to sci-fi scenarios.
Source: Recorded Future
Source Link: https://www.recordedfuture.com/blog/ai-malware-hype-vs-reality