Spyware Uses Forbidden Text to Fool AI Security Scanners
🟡 Medium | Source: Schneier on Security Malware authors are embedding text about nuclear and biological weapons inside JavaScript comment blocks within spyware payloads, with the goal of triggering content refusals or confusion in AI-powered code analysis tools. Because the text sits inside a comment, it has no effect on code execution but can derail automated scanners that feed raw file content to language models without properly sandboxing it. This represents a novel evasion technique that exploits weaknesses in AI-assisted security tooling rather than in traditional detection systems. ...