VirusTotal now has an AI-powered malware analysis feature

VirusTotal announced on Monday the launch of a new artificial intelligence-based code analysis feature named Code Insight.

The new feature is powered by Google Cloud Security AI Workbench, which Google announced at the RSA Conference 2023 and which uses Sec-PaLM, a large language model (LLM) fine-tuned specifically for security use cases.

VirusTotal Code Insight analyzes potentially harmful files to explain their (malicious) behavior, and it will improve the ability to identify which of them pose actual threats.

“At present, this new functionality is deployed to analyze a subset of PowerShell files uploaded to VirusTotal. The system excludes files that are highly similar to those previously processed, as well as files that are excessively large,” VirusTotal founder Bernardo Quintero said.

“This approach allows for the efficient use of analysis resources, ensuring that only the most relevant files (such as PS1 files) are subjected to scrutiny.”

Code Insight will also help get insight into false positives and negatives, as its analysis is entirely independent of associated metadata (like antivirus results) since only the file’s content is being examined.

[Image: VirusTotal Code Insight (VirusTotal)]

It’s also important to note that the code analysis LLM is prone to errors, and its accuracy may vary. Security analysts should therefore interpret Code Insight-generated information alongside other contextual data about the analyzed file, rather than treating it as a verdict on its own.

Despite this, as Quintero said, “the integration of LLMs into the arsenal of code analysis tools is a significant advancement that enables security professionals to gain valuable insights into the structure and behavior of potentially malicious code, improving threat detection and response efficiency.”

VirusTotal will add more file formats to the list of supported files in the following days, aiming to expand the scope of this new feature even further.

VirusTotal is an online malware-scanning platform with more than 500,000 registered users and is owned by Google’s Chronicle security subsidiary.

It helps analyze suspicious files and URLs for malicious content (including viruses, worms, and trojans) using over 70 antivirus scanners and domain blocklisting services.
