AI Malware: Hype vs. Reality

Recorded Future presents AIM3, a five-level AI Malware Maturity Model, and maps public AI-enabled malware and red-team frameworks to those levels; most observed activity sits at Levels 1–3 (Experimenting to Optimizing), with a single contested Level 4 claim (Anthropic) and no verified Level 5 instances. The report highlights examples (Malterminal, PROMPTFLUX, Lamehug, HexStrike-AI, Villager, PromptLock, S1ngularity, OSSTUN) and warns that while AI is lowering attacker costs and enabling orchestration, truly autonomous, scaled AI malware has not been observed in the wild yet.