Microsoft announces 'Project Ire,' an AI-powered system that can autonomously reverse engineer and identify malicious software without human assistance

Microsoft has announced Project Ire, a system that uses AI to autonomously reverse engineer software using specialized tools. It is said to be able to visualize software behavior and its risks without human assistance.
Project Ire autonomously identifies malware at scale - Microsoft Research

Project Ire first identifies file types, structures, and potential threat areas, then classifies them based on threat level. From there, the system uses frameworks such as angr and Ghidra to reconstruct the software's control flow graph, building the graph that forms the basis of Project Ire's memory model and subsequent analysis.
For each file it analyzes, Project Ire examines the code and generates a report that includes a summary of all code functions, among other things.
The report includes a summary of the potential threat, such as, 'This binary contains multiple functions that indicate malicious intent. These functions enumerate system processes and terminate any process whose name contains a specified string. This behavior is commonly seen in malware that attempts to disable or evade security software by killing processes.' It is hoped that having a human review this report will simplify security work that has previously been done entirely by hand.

In its initial evaluation, Microsoft said the Project Ire system correctly identified 90% of all files and made mistakes in only about 2% of cases, identifying harmless files as threats. This accuracy is considered sufficient for practical use, according to Microsoft.
Based on these successes, the Project Ire prototype will be used by the Microsoft Defender team as a binary analyzer for threat detection and software classification.
'Our goal is to scale the speed and accuracy of our system so that it can correctly classify files from any source, even on the first encounter,' Microsoft said.

Microsoft also announced plans to hold a hacking event called 'Zero Day Quest' in the spring of 2026.
Zero Day Quest: Join the largest hacking event with up to $5 million in total bounty awards | MSRC Blog | Microsoft Security Response Center
https://msrc.microsoft.com/blog/2025/08/zero-day-quest-join-the-largest-hacking-event-with-up-to-5-million-in-total-bounty-awards/
in Software, Posted by log1p_kr