Security Research

MalwAgents

Malware techniques, re-imagined for AI agents

A personal research index mapping classic malware behaviors to their analogues in autonomous AI agent systems. Each entry breaks down the mechanism, the agent-specific attack surface, and the defensive implications — enabling security researchers and red teams to understand, model, and mitigate emerging threats.


Attack Techniques

Each entry documents how a classical malware primitive maps to an AI agent attack surface, with conceptual breakdowns and defensive guidance.

AGT-002

Phishing Agents to RCE

Published

A multi-stage attack where a malicious actor exploits an AI agent embedded in an email client — starting with social engineering, escalating to email data exfiltration, and ultimately coercing the agent into reading sensitive system files. Demonstrated in a controlled environment with a guardrail-free agent.

Tags: Social engineering, Data exfiltration
AGT-001

Ransomware for Agents

Under Review

A prompt-injection attack that instructs an AI agent to create a malwagents/ folder, copy all workspace files into it, and encrypt each one with AES-256-GCM — locking the operator out of their own data until the attacker supplies the key.

Tags: Filesystem hijacking, AES-256-GCM encryption, Prompt injection, State denial
Writeup in progress

More techniques coming

Legal Disclaimer & Responsible Use

All content published on MalwAgents is provided exclusively for educational, research, and informational purposes. The techniques, concepts, and code samples described herein are intended to help security professionals, researchers, and developers understand potential threats to AI agent systems so they can build better defenses.

The authors and contributors of MalwAgents expressly disclaim any and all responsibility or liability for any harm, damage, loss, or legal consequence arising from the misuse, unauthorized application, or malicious deployment of any technique, concept, or information presented on this site. This includes, but is not limited to, unauthorized access to computer systems, disruption of services, or any other activity prohibited by applicable law.

By accessing and using this resource you acknowledge that:

  • You will use this information only in lawful, authorized contexts such as your own systems, controlled research environments, or explicitly authorized engagements.
  • You are solely responsible for ensuring compliance with all applicable local, national, and international laws.
  • This site does not endorse, facilitate, or encourage any form of illegal activity.

If you are not a security professional or researcher operating in a lawful capacity, this resource is not intended for you.