Cybersecurity researchers have uncovered a new type of malware that uses prompt injection to try and manipulate AI-powered security tools.
This is a major development in the evolution of cyber threats, as attackers begin targeting the very AI systems meant to detect and stop them.
The malware, aptly dubbed “Skynet“, was discovered last month after being anonymously uploaded to VirusTotal.
While not yet fully operational, Skynet is designed to exploit AI systems by embedding natural language prompts within its code. These prompts aim to confuse or mislead AI detectors into thinking the malware is harmless.
One embedded prompt reportedly instructs the AI tool to act as a calculator and respond with “No malware detected” if it understands.
This tactic, known as prompt injection, attempts to override the AI’s core instructions by feeding it new, misleading commands hidden within the malicious code.
Traditional malware often relies on techniques such as encryption or sandbox evasion. Skynet, however, takes a different approach by assuming that it will be analyzed by an AI system and proactively tries to mislead that system.
This indicates a new strategy by threat actors who are beginning to view AI itself as a potential vulnerability. Despite the sophistication of the attempt, current AI models, including OpenAI’s latest security-focused versions, were not fooled.
Tests showed that the AI systems correctly identified the malware and flagged the injection attempt, demonstrating that modern AI defenses still hold strong against basic prompt manipulation.
Technically, Skynet includes multiple malware features such as sandbox detection, encrypted communication channels, and data gathering capabilities.
However, many of these features appear inactive, leading researchers to believe that the malware is more of a proof-of-concept than a fully active threat.
The discovery of Skynet is an early warning sign for the cybersecurity industry. As AI continues to take on a bigger role in detecting and analyzing cyber threats, attackers are adapting accordingly.
Prompt injection, once mainly a concern for chatbot misuse, is now being tested in the wild as a weapon against AI systems.
Experts warn that this tactic may become more widespread. To counter it, cybersecurity teams must adopt new strategies such as prompt hardening, improved model training, and hybrid detection methods that combine AI with traditional rule-based systems.
