AML.T0102

Generate Malicious Commands

Framework: MITRE ATLAS
Maturity: Realized
Platforms: Enterprise
Release: 2026.05

Overview

Adversaries may use large language models (LLMs) to dynamically generate malicious commands from natural language. Dynamically generated commands may be harder to detect because the attack signature is constantly changing. AI-generated commands may also allow adversaries to adapt more rapidly to different environments and adjust their tactics.

Adversaries may utilize LLMs present in the victim's environment or call out to externally hosted services. APT28 utilized a model hosted on HuggingFace in a campaign with their LAMEHUG malware [2]. In either case, prompts to generate malicious code can blend in with normal traffic.
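
One way to hunt for this behaviour, as an added example that is not part of the ATLAS entry: because the generated command text keeps changing, the code below ignores command content and instead flags a process outside an allowlist that contacts a hosted-model endpoint and then spawns a command interpreter shortly afterwards. The domain list, allowlist, shell list, time window, event layout and all sample telemetry are constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumptions: tune all four settings to your own environment.
LLM_API_DOMAINS = ("huggingface.co", "llm-gateway.example")  # hosted-model endpoints
ALLOWED_CLIENTS = {"chrome.exe", "code.exe"}   # processes expected to call them
SHELLS = {"cmd.exe", "powershell.exe", "bash", "sh"}
WINDOW = timedelta(minutes=5)                  # max gap between API call and shell

# Constructed sample telemetry: (time, host, pid, image, destination host)
NET_EVENTS = [
    ("2025-01-10T09:00:00", "ws-01", 4120, "chrome.exe", "huggingface.co"),
    ("2025-01-10T09:02:10", "ws-02", 7788, "report_viewer.exe", "api.llm-gateway.example"),
    ("2025-01-10T09:05:00", "ws-03", 5150, "updater.exe", "huggingface.co"),
]
# Constructed process-creation events: (time, host, parent pid, child image)
PROC_EVENTS = [
    ("2025-01-10T09:00:30", "ws-01", 4120, "cmd.exe"),   # allowlisted parent
    ("2025-01-10T09:02:40", "ws-02", 7788, "cmd.exe"),   # 30 s after the API call
    ("2025-01-10T09:30:00", "ws-03", 5150, "cmd.exe"),   # 25 min later, outside window
]

def is_llm_host(dest):
    """True if dest is one of the configured domains or a subdomain of one."""
    return any(dest == d or dest.endswith("." + d) for d in LLM_API_DOMAINS)

def find_llm_then_shell(net_events, proc_events):
    """Flag non-allowlisted processes that contact an LLM endpoint and then
    spawn a command interpreter within WINDOW, regardless of command text."""
    contacts = {}
    for ts, host, pid, image, dest in net_events:
        if image.lower() not in ALLOWED_CLIENTS and is_llm_host(dest):
            contacts.setdefault((host, pid), []).append(
                (datetime.fromisoformat(ts), image, dest))
    findings = []
    for ts, host, ppid, child in proc_events:
        if child.lower() not in SHELLS:
            continue
        spawned = datetime.fromisoformat(ts)
        for seen, image, dest in contacts.get((host, ppid), []):
            gap = spawned - seen
            if timedelta(0) <= gap <= WINDOW:
                findings.append({"host": host, "process": image, "llm_host": dest,
                                 "shell": child, "gap_s": int(gap.total_seconds())})
                break
    return findings

if __name__ == "__main__":
    for finding in find_llm_then_shell(NET_EVENTS, PROC_EVENTS):
        print(finding)
```

The same correlation applies to an LLM hosted inside the environment by adding its hostname to the domain list.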

Sources

  1. MITRE ATLAS AML.T0102: Generate Malicious Commands — MITRE
  2. LAMEHUG: APT28's First AI-Powered Malware Explained | Guardsix