
The emerging use of malware invoking AI

ID: f4f95141-ebc2-54ae-95a0-68eaeca27e0b

STIX ID: report--f4f95141-ebc2-54ae-95a0-68eaeca27e0b

Feed Name: Wiz Blog

Threat Score: 70/100

Date Published: 2025-09-26

Date Updated: 2026-05-01

This report surveys recent incidents where attackers embedded or invoked AI/LLMs from payloads—including LameHug (LLM-based reconnaissance and file collection), the compromised Amazon Q Developer Extension (attempted system/cloud wiping), the s1ngularity npm supply-chain campaign (credential theft), and PromptLock (LLM-based ransomware research)—and discusses how use of LLMs affected execution, detection, guardrail bypass attempts, and defender strategies.
