
AI malware: The claims are getting wilder, but the reality is more interesting

ID: 94237fa5-a29a-5675-ac94-255ffd807041

STIX ID: report--94237fa5-a29a-5675-ac94-255ffd807041

Feed Name: Expel Blog

Threat Score: 30/100

Date Published: 2026-05-21

Date Updated: 2026-05-22


This report evaluates claims about AI-generated malware and concludes that AI makes it easier and cheaper for less-skilled actors to produce mediocre malware or scale phishing, but does not fundamentally change attacker capabilities. Polymorphism and AI-assisted code are addressed by behavioral detection, WormGPT and similar tools are overhyped, and fully autonomous AI malware remains implausible given LLM limitations. The real risk is a lowered floor that increases the volume of detectable but noisy attacks, so defenders should prioritize fundamentals over alarmist headlines.
