EDUCATIONAL USE ONLY. This resource is intended strictly for security research and defensive awareness. By accessing this content you agree to use it only for lawful, authorized purposes.

Security Research

MalwAgents

Malware techniques, re-imagined for AI agents

A curated research index mapping classic malware behaviors to their analogues in autonomous AI agent systems. Each entry breaks down the mechanism, the agent-specific attack surface, and the defensive implications — enabling security researchers and red teams to understand, model, and mitigate emerging threats.

Techniques indexed: 01
Threat categories: 01
Purpose: Research

About this project

Why study malware techniques in AI agents?

As autonomous AI agents gain the ability to execute code, browse the web, manage files, and chain together complex actions, they inherit an entirely new class of security risks that classic threat models were not designed to address.

By mapping well-understood malware primitives — ransomware, worms, rootkits, keyloggers, C2 frameworks — onto agent architectures, researchers can reason clearly about attack surfaces, develop targeted mitigations, and build agents that are robust-by-design.

Author & creator: Igor Rincon
🔬 Pure research
Every technique is analyzed from an academic and defensive lens. The goal is understanding, not exploitation.

🛡️ Defensive focus
Each writeup includes mitigations, detection strategies, and design guidance for building safer agents.

📖 Open knowledge
Threat awareness should be shared. Keeping attack surfaces hidden only benefits bad actors.

Legal Disclaimer & Responsible Use

All content published on MalwAgents is provided exclusively for educational, research, and informational purposes. The techniques, concepts, and code samples described herein are intended to help security professionals, researchers, and developers understand potential threats to AI agent systems so they can build better defenses.

The authors and contributors of MalwAgents expressly disclaim any and all responsibility or liability for any harm, damage, loss, or legal consequence arising from the misuse, unauthorized application, or malicious deployment of any technique, concept, or information presented on this site. This includes, but is not limited to, unauthorized access to computer systems, disruption of services, or any other activity prohibited by applicable law.

By accessing and using this resource you acknowledge that:

  • You will use this information only in lawful, authorized contexts such as your own systems, controlled research environments, or explicitly authorized engagements.
  • You are solely responsible for ensuring compliance with all applicable local, national, and international laws.
  • This site does not endorse, facilitate, or encourage any form of illegal activity.

If you are not a security professional or researcher operating in a lawful capacity, this resource is not intended for you.