Researchers at cybersecurity company Check Point Software have identified the first documented malicious code designed to evade AI-based security tools using so-called prompt injection. This tactic involves an attacker attempting to communicate directly with an AI model to persuade it to classify malicious code as harmless.
As AI and language models become more integral to modern security solutions, new methods to deceive these systems are emerging. The sample in question was discovered in June 2025 and employed several known evasion techniques. What made it notable was a segment of code written as a direct instruction to the AI system, aiming to trick it into ignoring harmful content.
The malicious code did not succeed in fooling Check Point Software’s AI-driven analysis tools. The model detected the attempted attack and correctly flagged the file as malicious. Even failed attacks, however, clearly indicate the direction of the threat landscape and underscore the importance of building defenses resilient to manipulation of AI systems.
“This is a clear example of how the threat landscape is evolving,” says Fredrik Sandström, security expert at Check Point Software. “We are seeing the beginning of a new type of attack where the AI model itself becomes the target. This should serve as a wake-up call for organizations to strengthen their security systems.”
Check Point calls this emerging threat category AI Evasion, a form of attack expected to grow as generative AI is more widely integrated into security workflows.
For more information, see Check Point Software’s blog post: https://blog.checkpoint.com/artificial-intelligence/ai-evasion-the-next-frontier-of-malware-techniques/