Saved February 14, 2026
Do you care about this?
Google found new malware called PROMPTFLUX that uses Visual Basic Script to modify itself by interacting with Google's Gemini AI model. The malware seeks to evade detection by generating obfuscated code. It is still in the development phase and lacks the ability to compromise networks. Security experts debate its effectiveness and significance.
If you do, here's more
Google has identified new malware called PROMPTFLUX, which uses Visual Basic Script (VBScript) and interacts with Google's Gemini AI model. This malware can write its own code to enhance obfuscation and avoid detection by antivirus programs. PROMPTFLUX employs a feature called "Thinking Robot," which queries Gemini for specific obfuscation techniques, allowing the malware to modify itself in real time. It stores these obfuscated versions in the Windows Startup folder to maintain persistence and can spread through removable drives and network shares.
While Google sees PROMPTFLUX as a developing threat, Marcus Hutchins, a security researcher, argues that the claims about its sophistication are overstated. He points out flaws in the malware, such as a commented-out self-modification function and a lack of randomness to ensure that the modified code is distinct from previous versions. Despite these critiques, Google warns that adversaries are increasingly using AI not just for productivity but for creating adaptive tools that can alter their behavior during execution.
The article also highlights other instances of AI-driven malware, including FRUITSHELL, PROMPTLOCK, and PROMPTSTEAL, which showcase how various threat actors leverage AI for malicious purposes. Notably, some state-sponsored actors from China, Iran, and North Korea have been misusing Gemini to streamline their operations, ranging from phishing to developing custom malware. These developments suggest a growing trend where threat actors, encouraged by the accessibility of advanced AI models, are likely to shift toward using AI-driven tactics as a standard part of their attacks.