Researchers in Google's Threat Intelligence Group have discovered two new malware strains — PromptFlux and PromptSteal — that use large language models to change their behavior mid-attack.

appears to be in active development: Researchers observed the author uploading updated versions to VirusTotal, likely to test how good it is at evading detection. It uses Gemini to rewrite its own source code, disguise activity and attempt to move laterally to other connected systems.