Microsoft Unveils Project Ire: Autonomous AI-Powered Malware Classification

On August 6, 2025, Microsoft introduced Project Ire, an autonomous AI system designed to analyze and classify software without human intervention. This innovation represents a significant leap forward in the fight against malware, leveraging large language models (LLMs) to streamline and scale threat detection.

According to Microsoft, Project Ire automates what is considered the “gold standard” of malware classification—a complete reverse engineering of software files without prior knowledge of their source or purpose. The system employs decompilers, documentation searches, control flow analysis, and additional reverse engineering tools to determine whether a program is malicious or benign.

The goal of Project Ire is to:

  • Automate malware analysis on a large scale
  • Reduce the manual workload for security analysts
  • Accelerate the threat detection and response process

Advanced Analysis Using Multi-Tool Intelligence

Project Ire’s capabilities span multiple levels of analysis, from low-level binary inspection to high-level behavioral evaluation. It interacts with a variety of tools through an API, including:

  • Microsoft’s memory analysis environments built on Project Freta
  • Popular frameworks like angr and Ghidra
  • Custom-built and open-source reverse engineering solutions

The system runs through several steps:

  1. Identifies the file type and structure using automated tools
  2. Reconstructs the control flow graph of the software
  3. Summarizes key functions using LLM-driven tool calls
  4. Validates its conclusions through an evidence-based process

Each classification comes with a transparent “chain of evidence” that documents the rationale behind the verdict, allowing security professionals to audit and refine results as needed.
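
An added illustration of step 1 only (identifying file type and structure), not Project Ire's or Microsoft's code: a minimal Python triage that reads magic bytes and PE header fields to tell a native-subsystem image, the subsystem Windows kernel drivers are built with, from a user-mode program. The function names `identify` and `build_sample` and the sample bytes are constructed for this example.

```python
import struct

# Values from the PE/COFF specification.
MACHINES = {0x014C: "x86", 0x8664: "x64", 0xAA64: "arm64"}
SUBSYSTEMS = {1: "native", 2: "windows-gui", 3: "windows-console"}
IMAGE_FILE_DLL = 0x2000

def identify(data: bytes) -> dict:
    """Classify a file by magic bytes; for PE files, record header fields."""
    if data[:4] == b"\x7fELF":
        return {"type": "ELF"}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return {"type": "unknown"}
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    opt_off = pe_off + 24  # 4-byte signature + 20-byte COFF header
    # The offset comes from the untrusted file, so bounds-check before use.
    if opt_off + 70 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return {"type": "MZ (no valid PE header)"}
    machine, sections = struct.unpack_from("<HH", data, pe_off + 4)
    opt_size, flags = struct.unpack_from("<HH", data, pe_off + 20)
    magic, = struct.unpack_from("<H", data, opt_off)
    if opt_size < 70 or magic not in (0x10B, 0x20B):
        return {"type": "PE (unusable optional header)"}
    subsystem, = struct.unpack_from("<H", data, opt_off + 68)
    return {
        "type": "PE32+" if magic == 0x20B else "PE32",
        "machine": MACHINES.get(machine, hex(machine)),
        "sections": sections,
        "dll": bool(flags & IMAGE_FILE_DLL),
        # Subsystem 1 (native) is what kernel-mode drivers are built with.
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }

def build_sample(subsystem: int, machine: int = 0x8664) -> bytes:
    """Constructed header-only bytes for the demo; not a loadable binary."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0xF0, 0x0022)
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, 0x20B)       # PE32+ magic
    struct.pack_into("<H", opt, 68, subsystem)  # Subsystem field
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    print(identify(build_sample(1)))        # driver-style header
    print(identify(build_sample(3)))        # console program header
    print(identify(build_sample(1)[:100]))  # truncated file
```

A native subsystem value narrows the file to kernel-mode or native code but does not by itself say anything about maliciousness; it only selects which later analysis applies.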

Early Results Show High Accuracy

During internal testing, Project Ire demonstrated impressive performance:

  • Accurately flagged 90% of Windows driver files in a public dataset
  • Misclassified only 2% of benign files
  • In a second test of nearly 4,000 challenging files, it correctly identified almost 90% of malicious files, with a false positive rate of 4%

Future Integration and Vision

Given these promising outcomes, Microsoft plans to integrate Project Ire into its Microsoft Defender suite under the name Binary Analyzer, enhancing both malware detection and classification capabilities.

Ultimately, Microsoft envisions scaling Project Ire to reliably classify software from any source, even upon first encounter, and to detect novel malware directly in memory on a large scale.

Security Research Investment Continues

This development coincides with Microsoft’s growing investment in cybersecurity. The company revealed it had paid out $17 million in bug bounties to 344 researchers across 59 countries between July 2024 and June 2025—surpassing the previous year’s record.

Source: https://thehackernews.com/2025/08/microsoft-launches-project-ire-to.html