Microsoft on Tuesday revealed Project Ire, a new AI agent that autonomously reverse-engineers and classifies malicious software. The move escalates the AI cybersecurity arms race, positioning Microsoft’s malware hunter against Google’s “Big Sleep” agent, which focuses on finding software flaws.

Developed by Microsoft’s research and security teams, Project Ire aims to automate the complex work of malware analysis. This allows security teams to scale their defenses against sophisticated, AI-driven attacks and frees up human experts to focus on the most critical threats.

The announcement underscores a strategic divergence in how tech giants are weaponizing AI for defense. While Google hunts for vulnerabilities in code, Microsoft is now targeting the malicious binaries themselves.

Project Ire: Automating the ‘Gold Standard’ of Malware Analysis

Microsoft says the new system “automates what is considered the gold standard in malware classification: fully reverse engineering a software file without any clues about its origin or purpose.” The prototype emerged from a collaboration between Microsoft Research, Microsoft Defender Research, and Microsoft Discovery & Quantum, combining AI research with operational security expertise.

The agent operates by using advanced language models, available through Azure AI Foundry, to direct a suite of specialized tools. Its architecture allows it to reason at multiple levels, from low-level binary analysis to high-level interpretation of code behavior, distinguishing it from tools that simply match patterns.

The analysis process begins with a triage, where automated tools identify the file type and structure. From there, the system reconstructs the software’s control flow graph using open-source frameworks like Ghidra and angr. This creates a logical map of the program’s execution path, forming the backbone of the AI’s memory model.

Through iterative function analysis, the AI calls specialized tools to identify and summarize key functions. Each result feeds into a “chain of evidence,” a detailed, auditable trail that shows how the system reached its conclusion. This log is crucial for human review and system refinement.

To ensure its conclusions are sound, Project Ire uses a validator tool that cross-checks its claims against a knowledge base of expert statements from Microsoft’s own malware engineers. In one instance, it was the first system at Microsoft—human or machine—to author a threat report strong enough to trigger an automatic block on its own.

In early tests on public Windows drivers, the system was highly accurate, achieving 98% precision and incorrectly flagging safe files in only 2% of cases. This low false-positive rate suggests clear potential for deployment in security operations.

When tested against nearly 4,000 “hard-target” files that had stumped other automated systems, it achieved 89% precision and 26% recall, with a 4% false positive rate. While recall was moderate, its accuracy on these difficult cases highlights its potential to augment human analysis.

The AI Arms Race in Cybersecurity

Project Ire’s debut arrives amid a broader, intensifying competition in AI-driven security. Its focus on malware classification contrasts sharply with Google’s Project Big Sleep, which has recently gained attention for autonomously discovering 20 new vulnerabilities in widely used open-source software like FFmpeg and ImageMagick.

Google’s agent, a product of its DeepMind and elite Project Zero teams, has shown a rapid and deliberate evolution. The project first proved its potential in late 2024 by uncovering a bug in the SQLite database engine. The stakes were raised considerably in July 2025, when Google revealed Big Sleep had proactively neutralized an imminent threat, CVE-2025-6965, in a direct race against attackers.

Unlike traditional methods like fuzzing, Big Sleep uses LLMs for deep root-cause analysis, simulating a human researcher’s approach. Google’s vice president of engineering, Royal Hansen, celebrated the findings as “a new frontier in automated vulnerability discovery.”

This trend is not limited to just two players. A growing ecosystem of AI security tools from startups and established firms is emerging. Other tech giants are building complementary systems. Meta, for instance, recently announced AutoPatchBench to evaluate how well AI can automatically fix bugs, alongside LlamaFirewall, a tool designed to prevent AI models from generating insecure code in the first place. Meanwhile, tools like RunSybil and XBOW are also making headlines, with XBOW recently topping a HackerOne leaderboard.

However, this innovation is a double-edged sword. The same AI models used for defense can also perpetuate insecure coding practices. Recent academic research revealed that many LLMs, trained on public code from GitHub, have learned to replicate old bugs, a phenomenon dubbed the “poisoned LLM” problem. This creates a vicious cycle where the tools meant to build the future are inheriting the mistakes of the past.

The dual-use nature of AI is forcing a rapid evolution in defensive strategies, as AI-driven attacks become more sophisticated. As Sheetal Mehta of NTT DATA noted in a related context, “fragmented security tools cannot keep up with today’s automated attacks.” This reflects a growing consensus on the need to harness AI for defense while mitigating its potential for misuse.

As Microsoft’s Brad Smith previously stated, “Our goal needs to be to keep AI advancing as a defensive tool faster than it advances as an offensive weapon.” The development of specialized agents like Ire and Big Sleep represents a critical front in that battle.

Balancing Automation with Human Expertise

While automation promises to help overwhelmed security teams, it also creates new challenges. A key industry concern is “AI slop,” a term for the flood of low-quality or irrelevant bug reports generated by automated tools.

This can fatigue the volunteer maintainers of open-source projects. As Vlad Ionescu, co-founder of AI security startup RunSybil, told TechCrunch, “that’s the problem people are running into, is we’re getting a lot of stuff that looks like gold, but it’s actually just crap.”

To counter this, both Microsoft and Google stress that human expertise remains indispensable. A Google spokesperson, Kimberly Samra, confirmed that “to ensure high quality and actionable reports, we have a human expert in the loop before reporting, but each vulnerability was found and reproduced by the AI agent without human intervention.”

Microsoft echoes this sentiment. Mike Walker, a Research Manager at Microsoft, explained that early experiences with Project Ire showed “[what we learned from those instances is] that we can leverage the complementary strengths of both humans and AI for protection.” The system’s detailed evidence trail is designed specifically to facilitate this human-machine collaboration.

Microsoft plans to integrate the prototype into its security products as “Binary Analyzer.” The company’s ultimate vision is to detect novel malware directly in memory, scaling its autonomous capabilities to protect billions of devices more effectively.