Earlier this year, Anthropic—the AI company that created the Claude chatbot—sounded the alarm on a growing threat: criminals using AI to supercharge cyberattacks. In what it described as a “large-scale extortion operation,” a hacker used Claude Code—a version of the chatbot that specializes in coding—to steal credentials and penetrate networks.

The criminal targeted at least 17 companies across government, healthcare, and emergency services. Anthropic noted that AI-assisted cybercrime is particularly challenging to stop because AI tools can “adapt to defensive measures, like malware detection systems, in real time.” It’s a stark reminder that AI’s power to speed up and scale attacks can be irresistible to cybercriminals. And the best way to fight AI-powered threats may just be AI itself.

Booz Allen employs some of the world's most skilled cyber professionals, including top reverse engineers with years of experience defending against malware attacks from adversaries and criminal gangs. Now, we’ve encoded these professionals’ unique expertise into Vellox Reverser™, a product that uses agentic AI to analyze malware and figure out how to stop it in a fraction of the time that it takes human analysts alone. 

“Vellox Reverser applies the same techniques, procedure, and tradecraft as the world’s top reverse engineers, but it does in minutes what even the best professionals in this field do in days or weeks,” says Joseph Gillespie, senior vice president of cyber product development at Booz Allen. “It can save cybersecurity teams 7 to 10 days of manual work and provides a level of expertise that many security teams don’t have.” 

Malware is a common and costly type of cyberattack. These breaches occur when cybercriminals place a malicious type of software, like a virus or ransomware, on a network or server and then use the software to steal data or cause harm to the system. Malware attacks cost companies billions of dollars a year, and the threat is growing. New research from Cybersecurity at MIT Sloan and Safe Security found that 80% of ransomware attacks are using AI.

Gillespie refers to this growing threat as the “democratization” of cyber warfare. Previously, the expensive, time-intensive process of building advanced malware meant only well-funded nation states or well-organized criminal syndicates could build malware that was sophisticated enough to attack other countries or breach highly secure networks.

But, as Anthropic’s experience shows, bad guys with no coding experience and access to LLMs can now build advanced malware and orchestrate complex cyberattacks. It’s created an explosion in the number of malware variants and made responding more difficult. Gillespie compares the current moment to a pandemic with a near-infinite number of flu strains that can mutate in real time. Even if someone recently caught a similar strain of the same disease, they could still be infected with a new strain, making it nearly impossible to eradicate. 

The Vellox Reverser product puts the power of advanced reverse engineering into the hands of businesses and governments at unprecedented scale and speed. In one test, it took Vellox Reverser less than three minutes to find and analyze more than 120 functions within a piece of malware, label 39 of them as malicious, and produce a comprehensive report with actionable countermeasures. The same process conducted manually by a human team would have taken up to 10 days to complete.

“This shortened response time has the potential to save organizations millions, if not billions, in damages brought on by hackers,” Gillespie says. 

Because Vellox Reverser can decode malware so quickly, it makes it possible to “inoculate” networks against an extreme number of variants. “Every time there’s a permutation, you can rapidly reverse engineer it, determine what’s infected, defend your network, and move on to the next thing,” adds Gillespie. 

Underlying Vellox Reverser are intelligent AI agents trained on proprietary tools, instructions from Booz Allen’s in-house reverse engineers, and the company’s unique understanding of cyberthreats gained from protecting government and commercial infrastructure.

“Our experience working shoulder-to-shoulder with government agencies to counter threats from foreign adversaries and cyber criminals gives us the necessary expertise to build technology solutions like Vellox Reverser that can address the threat of AI-powered malware,” says Mujtaba Hamid, executive vice president of product at Booz Allen.