How Rubrik Zero Labs Uses LLMs to Analyze Malware at Machine Speed
AI is changing how malware is built—and how it’s caught. In this episode, Caleb Tolin is joined by Amit Malik, Staff Security Researcher at Rubrik Zero Labs, to unpack how large language models are transforming malware analysis, enabling defenders to sift through thousands of samples and surface truly novel threats. From Chameleon malware abusing WSL to AI-generated attack code, this conversation explores what real data resilience looks like in an AI-driven threat landscape.
What You’ll Learn:
- How LLMs help analysts move from syntax-level review to intent-based malware analysis
- Why processing thousands of samples daily requires AI-assisted triage and clustering
- How attackers are abusing WSL and cloud-native environments to evade detection
- What AI-generated, dynamically delivered malware code means for traditional defenses
- Where LLMs excel—and where human validation remains essential
- Why resilience matters more than speed in AI-driven security operations
Episode Highlights:
- [00:00] AI-generated malware and shrinking attacker footprints
- [03:30] Why Rubrik Zero Labs built an LLM-driven malware analysis system
- [05:45] Scaling from 6,000 samples to 20 worth investigating [07:40] Extracting malware “business logic” before sending code to LLMs
- [10:05] Chameleon malware abusing Windows Subsystem for Linux
- [13:00] APT-linked Linux RATs and what sophistication signals intent
- [15:00] LLM hallucinations and the need for human verification
Rubik Inc. 