Democracy is colliding with the technologies of artificial intelligence. Judging from the audience reaction at the recent World Forum on Democracy in Strasbourg, the general expectation is that democracy will be the worse for it. We have another narrative. Yes, there are risks to democracy from AI, but there are also opportunities.

We have just published the book Rewiring Democracy: How AI will Transform Politics, Government, and Citizenship. In it, we take a clear-eyed view of how AI is undermining confidence in our information ecosystem, how the use of biased AI can harm constituents of democracies and how elected officials with authoritarian tendencies can use it to consolidate power. But we also give positive examples of how AI is transforming democratic governance and politics for the better...

The post Four Ways AI Is Being Used to Strengthen Democracies Worldwide appeared first on Security Boulevard.

Anthropic today released Opus 4.5, its flagship frontier model, and it brings improvements in coding performance, as well as some user experience improvements that make it more generally competitive with OpenAI’s latest frontier models.

Perhaps the most prominent change for most users is that in the consumer app experiences (web, mobile, and desktop), Claude will be less prone to abruptly hard-stopping conversations because they have run too long. The improvement to memory within a single conversation applies not just to Opus 4.5, but to any current Claude models in the apps.

Users who experienced abrupt endings (despite having room left in their session and weekly usage budgets) were hitting a hard context window (200,000 tokens). Whereas some large language model implementations simply start trimming earlier messages from the context when a conversation runs past the maximum in the window, Claude simply ended the conversation rather than allow the user to experience an increasingly incoherent conversation where the model would start forgetting things based on how old they are.

Read full article

Comments

There’s been a lot of talk of an AI bubble lately, especially regarding circular funding involving companies like OpenAI and Anthropic—but Clem Delangue, CEO of machine-learning resources hub Hugging Face, has made the case that the bubble is specific to large language models, which is just one application of AI.

“I think we’re in an LLM bubble, and I think the LLM bubble might be bursting next year,” he said at an Axios event this week, as quoted in a TechCrunch article. “But ‘LLM’ is just a subset of AI when it comes to applying AI to biology, chemistry, image, audio, [and] video. I think we’re at the beginning of it, and we’ll see much more in the next few years.”

At Ars, we’ve written at length in recent days about the fears around AI investment. But to Delangue’s point, almost all of those discussions are about companies whose chief product is large language models, or the data centers meant to drive those—specifically, those focused on general-purpose chatbots that are meant to be everything for everybody.

Read full article

Comments

In today’s fast-moving world of AI and large language models (LLMs), I’ve learned that one of the most valuable skills is not just understanding what these models can do but knowing how to guide them effectively. As I’ve spent time building applications, conducting research, and experimenting with different prompts, I’ve realized that real progress comes from learning how to control the generation process.

In this blog, I want to share seven generation control techniques that have made a real difference in how I work with AI and that every practitioner, researcher, or enthusiast can benefit from.

1. Temperature
2. Top-p/Top-k Sampling
3. Prompt Engineering Techniques
4. Few-shot Learning
5. In-context Learning
6. Chain-of-Thought Prompting
7. Hallucination Prevention

1. Temperature

Understanding Temperature

Temperature is perhaps the most fundamental parameter for controlling AI generation. It controls the randomness of the model’s output by scaling the probability distribution over possible tokens.

How Temperature Works

Behind the scenes, language models output logits unnormalized log probabilities for each possible next token.

p_i = exp(z_i / T) / Σ_j exp(z_j / T)

Where:

• z_i is the logit for token i
• T is the temperature parameter
• p_i is the final probability of selecting token i

What’s Really Happening?

Think of temperature as a “confidence dial”:

• Low Temperature (T < 1): Sharpens the distribution, making high-probability tokens even more dominant
• Temperature = 1: Uses the model’s natural probability distribution
• High Temperature (T > 1): Flattens the distribution, giving more chance to unlikely tokens
• Temperature → 0: Becomes deterministic (always picks the most likely token)
• Temperature → ∞: Approaches uniform randomness

The Sampling Algorithm

Here’s what happens under the hood:

import numpy as np

def temperature_sample(logits, temperature=1.0):
    # Step 1: Scale logits by temperature
    scaled_logits = logits / temperature
    
    # Step 2: Apply softmax (with numerical stability)
    exp_logits = np.exp(scaled_logits - np.max(scaled_logits))
    probs = exp_logits / np.sum(exp_logits)
    
    # Step 3: Sample from the distribution
    next_token = np.random.choice(len(probs), p=probs)
    
    return next_token

The numerical stability trick (subtracting max before exp) prevents overflow when dealing with large logit values.

Practical Examples

1) Low Temperature (0.1–0.3)

Perfect for tasks requiring consistency and precision:

# Example with low temperature
response = openai.ChatCompletion.create(
    model="gpt-4o",
    messages=[{"role": "user", "content": "What is the capital of France?"}],
    temperature=0.1
)
# Output: "The capital of France is Paris."

Use cases:

• Factual question answering
• Code generation
• Mathematical calculations
• Data extraction
• Classification tasks

The model becomes highly deterministic, consistently choosing the most probable tokens.

2) High Temperature (0.7–1.0+)

Unleashes creativity and diverse outputs:

# Example with high temperature
response = openai.ChatCompletion.create(
    model="gpt-4o",
    messages=[{"role": "user", "content": "Describe a sunset"}],
    temperature=0.9
)
# Output might vary each time:
# "The crimson orb melted into the horizon..."
# "Golden light spilled across the darkening sky..."
# "Fire painted the clouds as day surrendered to night..."

Use cases:

• Creative writing
• Brainstorming sessions
• Poetry and artistic content
• Marketing copy variations
• Story generation

Each run produces notably different outputs as the model explores less probable but potentially more interesting token choices.

2. Top-k and Top-p Sampling

Overview

While temperature scales the entire probability distribution, top-p and top-k are truncation methods that eliminate low-probability tokens before sampling. They provide different ways to control output quality and diversity.

Top-k Sampling

Top-k sampling keeps only the k most probable tokens and redistributes their probability mass.

How it works?

1. Get probability distribution: P = softmax(logits / temperature)
2. Sort tokens by probability: P_sorted
3. Keep only top-k tokens, set others to 0
4. Renormalize: P’_i = P_i / Σ(top-k probabilities)
5. Sample from P’

import torch
import torch.nn.functional as F
def top_k_sampling(logits, k=50, temperature=1.0):
    """
    Top-k sampling implementation
    
    Args:
        logits: [vocab_size] tensor of unnormalized scores
        k: number of top tokens to keep
        temperature: temperature scaling factor
    
    Returns:
        sampled token index
    """
    # Step 1: Apply temperature
    logits = logits / temperature
    
    # Step 2: Get top-k logits and their indices
    top_k_logits, top_k_indices = torch.topk(logits, k)
    
    # Step 3: Apply softmax to top-k logits only
    top_k_probs = F.softmax(top_k_logits, dim=-1)
    
    # Step 4: Sample from top-k distribution
    sampled_index = torch.multinomial(top_k_probs, num_samples=1)
    
    # Step 5: Map back to original vocabulary index
    token = top_k_indices[sampled_index]
    
    return token

Example

Let’s say we have vocabulary of 8 tokens:

tokens = ['the', 'a', 'is', 'very', 'quite', 'extremely', 'somewhat', 'rather']
logits = [5.0, 4.5, 3.2, 2.8, 1.5, 0.8, 0.3, -0.5]

# After softmax (temperature = 1.0)
probs = [0.426, 0.259, 0.070, 0.047, 0.013, 0.006, 0.004, 0.002]

With top-k = 3:

# Step 1: Select top-3 tokens
top_k_tokens = ['the', 'a', 'is']
top_k_probs = [0.426, 0.259, 0.070]

Top-p (Nucleus Sampling)

Top-p (also called nucleus sampling) keeps the smallest set of tokens whose cumulative probability ≥ p.

How it works?

1. Get probability distribution: P = softmax(logits / temperature)
2. Sort tokens by probability (descending)
3. Calculate cumulative sum: CDF_i = Σ P_j for j ≤ i
4. Find nucleus: N = {tokens where CDF ≤ p}
5. Renormalize and sample from N

def top_p_sampling(logits, p=0.9, temperature=1.0):
    """
    Top-p (nucleus) sampling implementation
    
    Args:
        logits: [vocab_size] tensor of unnormalized scores
        p: cumulative probability threshold (0 < p ≤ 1)
        temperature: temperature scaling factor
    
    Returns:
        sampled token index
    """
    # Step 1: Apply temperature and softmax
    logits = logits / temperature
    probs = F.softmax(logits, dim=-1)
    
    # Step 2: Sort probabilities in descending order
    sorted_probs, sorted_indices = torch.sort(probs, descending=True)
    
    # Step 3: Calculate cumulative probabilities
    cumsum_probs = torch.cumsum(sorted_probs, dim=-1)
    
    # Step 4: Find the nucleus (tokens to keep)
    # Remove tokens where cumsum > p (keep first token that exceeds p)
    sorted_indices_to_remove = cumsum_probs > p
    
    # Shift right to keep the first token that exceeds p
    sorted_indices_to_remove[1:] = sorted_indices_to_remove[:-1].clone()
    sorted_indices_to_remove[0] = False
    
    # Step 5: Set removed token probabilities to 0
    sorted_probs[sorted_indices_to_remove] = 0.0
    
    # Step 6: Renormalize
    sorted_probs = sorted_probs / sorted_probs.sum()
    
    # Step 7: Sample from the nucleus
    sampled_sorted_index = torch.multinomial(sorted_probs, num_samples=1)
    
    # Step 8: Map back to original vocabulary
    token = sorted_indices[sampled_sorted_index]
    
    return token

Same Example

tokens = ['the', 'a', 'is', 'very', 'quite', 'extremely', 'somewhat', 'rather']
probs = [0.426, 0.259, 0.070, 0.047, 0.013, 0.006, 0.004, 0.002]

With top-p = 0.9:

# Step 1: Sort by probability (already sorted)
# Step 2: Calculate cumulative sum
cumulative = [0.426, 0.685, 0.755, 0.802, 0.815, 0.821, 0.825, 0.827]

With top-p = 0.75:

# cumulative[2] = 0.755 > 0.75 ← Stop here!
# Nucleus = ['the', 'a', 'is']

Visual Comparison

Top-k = 4 (Fixed):
███████████████ the (40%)      ← Keep
██████████ a (25%)             ← Keep
████ is (10%)                  ← Keep
███ very (8%)                  ← Keep
-- (7%)                        ← Discard (not in top-4)
-- (5%)                        ← Discard
-- (3%)                        ← Discard
-- (2%)                        ← Discard

Top-p = 0.9 (Adaptive):
███████████████ the (40%)      ← Keep
██████████ a (25%)             ← Keep
████ is (10%)                  ← Keep
███ very (8%)                  ← Keep
-- (7%)                        ← Keep (cumsum still < 90%)
-- (5%)                        ← Discard (cumsum > 90%)
-- (3%)                        ← Discard
-- (2%)                        ← Discard

3. Prompt Engineering Techniques

Effective prompts are the foundation of controlled generation. The way you structure your prompts directly impacts the quality and relevance of outputs.

Clear Instructions

Bad: "Tell me about dogs"
Good: "Write a 200-word informative paragraph about dog training techniques for puppies, focusing on positive reinforcement methods."

Role-Based Prompting

Prompt: "You are an expert data scientist with 10 years of experience.
Explain gradient descent in simple terms for a beginner."

Format Specification

Prompt: "List the top 5 programming languages for beginners.
Format your response as:
1. [Language]: [Brief description]
2. [Language]: [Brief description]
..."

Constraint Setting

Prompt: "Write a product review for a smartphone. Requirements:
- Exactly 150 words
- Include both pros and cons
- Mention battery life, camera, and performance
- Use a neutral tone"

4. Few-shot Learning

Few-shot learning involves providing examples within your prompt to guide the model’s behavior. This technique is incredibly powerful for establishing patterns and desired output formats.

Example: Sentiment Classification

Prompt: "Classify the sentiment of these reviews:

Review: 'This product exceeded my expectations!'
Sentiment: Positive

Review: 'Terrible quality, waste of money.'
Sentiment: Negative

Review: 'It's okay, nothing special.'
Sentiment: Neutral

Review: 'I love this new feature update!'
Sentiment: ?"

Example: Code Generation

Prompt: "Convert natural language to Python functions:

Input: 'Create a function that adds two numbers'
Output:
def add_numbers(a, b):
    return a + b

Input: 'Create a function that finds the maximum in a list'
Output:
def find_maximum(numbers):
    return max(numbers)

Input: 'Create a function that reverses a string'
Output: ?"

Benefits of Few-shot Learning:

• Establishes clear patterns
• Reduces ambiguity
• Improves consistency across outputs
• Minimizes need for fine-tuning

5. In-context Learning

In-context learning leverages the model’s ability to understand and apply new information provided within the conversation context, without updating the model’s parameters.

Dynamic Adaptation Example

Prompt: "I'm working with a specific dataset format:
{
  'customer_id': 12345,
  'purchase_date': '2024-01-15',
  'items': ['laptop', 'mouse'],
  'total': 899.99
}

Based on this format, generate 3 sample customer records for an electronics store."

Context-Aware Responses

Conversation Context:
User: "I'm building a React application for a food delivery service."
AI: "Great! What specific functionality are you looking to implement?"

User: "I need help with the cart component."
AI: [Provides React-specific cart component code tailored to food delivery]

Best Practices for In-context Learning:

• Provide clear, relevant context early in the conversation
• Reference previous context when building on discussions
• Use specific examples from your domain
• Maintain consistency with established patterns

6. Chain-of-Thought Prompting

Chain-of-Thought (CoT) prompting encourages the model to show its reasoning process, leading to more accurate and explainable outputs.

Basic Chain-of-Thought

Prompt: "Solve this step by step:
A store has 24 apples. They sell 8 apples in the morning and 6 apples in the afternoon. How many apples are left?

Let me work through this step by step:
1) Starting apples: 24
2) Sold in morning: 8
3) Sold in afternoon: 6
4) Total sold: 8 + 6 = 14
5) Remaining: 24 - 14 = 10

Therefore, 10 apples are left."

Zero-Shot Chain-of-Thought

Prompt: "A company's revenue increased by 20% in Q1 and decreased by 10% in Q2. If they started with $100,000, what's their revenue at the end of Q2? Let's think step by step."

Complex Reasoning Example

Prompt: "Analyze whether this business model is sustainable:

Business: Subscription-based meal delivery service
- Monthly fee: $50
- Food cost per meal: $8
- Delivery cost per meal: $3
- 20 meals per month per subscriber

Let's break this down step by step:"

When to Use Chain-of-Thought:

• Mathematical calculations
• Logic problems
• Decision-making scenarios
• Complex analysis tasks

7. Hallucination Prevention

Hallucinations when AI models generate false or nonsensical information are a significant challenge. Here are strategies to minimize them:

Grounding Techniques

Prompt: "Based ONLY on the following text, answer the question:

Text: [Insert specific source material]

Question: [Your question]

If the answer cannot be found in the provided text, respond with 'Information not available in the source.'"

Confidence Indicators

Prompt: "Answer the following question and indicate your confidence level (High/Medium/Low):

Question: What is the population of Tokyo in 2024?
Answer: [Response]
Confidence: [Level]
Reasoning: [Why this confidence level]"

Fact-Checking Prompts

Prompt: "Claim: 'Python was created in 1995 by Guido van Rossum'

Please verify this claim step by step:
1. Check the creation year
2. Verify the creator
3. Provide the correct information if any part is wrong
4. Rate the accuracy: Correct/Partially Correct/Incorrect"

Source Citation Requirements

Prompt: "Write a summary about renewable energy trends. For each major claim, indicate what type of source would be needed to verify it (e.g., 'government report', 'academic study', 'industry survey')."

Hallucination Prevention Best Practices:

• Request sources and citations
• Use specific, factual prompts
• Ask for confidence levels
• Provide authoritative source material when possible

(You can use RAG also😃)

Combining Techniques for Maximum Control

The real power comes from combining these techniques strategically:

Example: Research Assistant

Prompt: "You are a research assistant helping with academic writing.
Temperature: 0.3 (for accuracy)

Task: Summarize the key findings about machine learning bias from the following paper excerpt.
Follow this format:

1. Main Finding: [One sentence]
2. Supporting Evidence: [Key statistics or examples]
3. Implications: [What this means for practitioners]
4. Confidence: [High/Medium/Low based on source quality]

Paper Excerpt: [Insert text]

Think through this step by step, and only include information directly supported by the text."

Conclusion

Mastering generation control is essential for anyone working with AI models. By understanding and applying these six techniques temperature and top-p sampling, prompt engineering, few-shot learning, in-context learning, chain-of-thought prompting, and hallucination prevention you can dramatically improve the quality, reliability, and usefulness of AI-generated content.

Thank you for reading!🤗I hope that you found this article both informative and enjoyable to read. (Comment if you build any async Agent application lately love to hear that🙂)

Fore more information like this follow me on LinkedIn

Generation Control: Mastering AI Output for Better Results was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.

Attackers intercepting network traffic can determine the conversation topic with a chatbot despite end-to-end encrypted communication.

The post ‘Whisper Leak’ LLM Side-Channel Attack Infers User Prompt Topics appeared first on SecurityWeek.

Background

RevengeHotels, also known as TA558, is a threat group that has been active since 2015, stealing credit card data from hotel guests and travelers. RevengeHotels’ modus operandi involves sending emails with phishing links which redirect victims to websites mimicking document storage. These sites, in turn, download script files to ultimately infect the targeted machines. The final payloads consist of various remote access Trojan (RAT) implants, which enable the threat actor to issue commands for controlling compromised systems, stealing sensitive data, and maintaining persistence, among other malicious activities.

In previous campaigns, the group was observed using malicious emails with Word, Excel, or PDF documents attached. Some of them exploited the CVE-2017-0199 vulnerability, loading Visual Basic Scripting (VBS), or PowerShell scripts to install customized versions of different RAT families, such as RevengeRAT, NanoCoreRAT, NjRAT, 888 RAT, and custom malware named ProCC. These campaigns affected hotels in multiple countries across Latin America, including Brazil, Argentina, Chile, and Mexico, but also hotel front-desks globally, particularly in Russia, Belarus, Turkey, and so on.

Later, this threat group expanded its arsenal by adding XWorm, a RAT with commands for control, data theft, and persistence, amongst other things. While investigating the campaign that distributed XWorm, we identified high-confidence indicators that RevengeHotels also used the RAT tool named DesckVBRAT in their operations.

In the summer of 2025, we observed new campaigns targeting the same sector and featuring increasingly sophisticated implants and tools. The threat actors continue to employ phishing emails with invoice themes to deliver VenomRAT implants via JavaScript loaders and PowerShell downloaders. A significant portion of the initial infector and downloader code in this campaign appears to be generated by large language model (LLM) agents. This suggests that the threat actor is now leveraging AI to evolve its capabilities, a trend also reported among other cybercriminal groups.

The primary targets of these campaigns are Brazilian hotels, although we have also observed attacks directed at Spanish-speaking markets. Through a comprehensive analysis of the attack patterns and the threat actor’s modus operandi, we have established with high confidence that the responsible actor is indeed RevengeHotels. The consistency of the tactics, techniques, and procedures (TTPs) employed in these attacks aligns with the known behavior of RevengeHotels. The infrastructure used for payload delivery relies on legitimate hosting services, often utilizing Portuguese-themed domain names.

Initial infection

The primary attack vector employed by RevengeHotels is phishing emails with invoicing themes, which urge the recipient to settle overdue payments. These emails are specifically targeted at email addresses associated with hotel reservations. While Portuguese is a common language used in these phishing emails, we have also discovered instances of Spanish-language phishing emails, indicating that the threat actor’s scope extends beyond Brazilian hospitality establishments and may include targets in Spanish-speaking countries or regions.

Example of a phishing email about a booking confirmation

In recent instances of these attacks, the themes have shifted from hotel reservations to fake job applications, where attackers sent résumés in an attempt to exploit potential job opportunities at the targeted hotels.

Malicious implant

The malicious websites, which change with each email, download a WScript JS file upon being visited, triggering the infection process. The filename of the JS file changes with every request. In the case at hand, we analyzed Fat146571.js (fbadfff7b61d820e3632a2f464079e8c), which follows the format Fat\{NUMBER\}.js, where “Fat” is the beginning of the Portuguese word “fatura”, meaning “invoice”.

The script appears to be generated by a large language model (LLM), as evidenced by its heavily commented code and a format similar to those produced by this type of technology. The primary function of the script is to load subsequent scripts that facilitate the infection.

A significant portion of the new generation of initial infectors created by RevengeHotels contains code that seems to have been generated by AI. These LLM-generated code segments can be distinguished from the original malicious code by several characteristics, including:

• The cleanliness and organization of the code
• Placeholders, which allow the threat actor to insert their own variables or content
• Detailed comments that accompany almost every action within the code
• A notable lack of obfuscation, which sets these LLM-generated sections apart from the rest of the code

AI generated code in a malicious implant as compared to custom code

Second loading step

Upon execution, the loader script, Fat\{NUMBER\}.js, decodes an obfuscated and encoded buffer, which serves as the next step in loading the remaining malicious implants. This buffer is then saved to a PowerShell (PS1) file named SGDoHBZQWpLKXCAoTHXdBGlnQJLZCGBOVGLH_{TIMESTAMP}.ps1 (d5f241dee73cffe51897c15f36b713cc), where “\{TIMESTAMP\}” is a generated number based on the current execution date and time. This ensures that the filename changes with each infection and is not persistent. Once the script is saved, it is executed three times, after which the loader script exits.

The script SGDoHBZQWpLKXCAoTHXdBGlnQJLZCGBOVGLH_{TIMESTAMP}.ps1 runs a PowerShell command with Base64-encoded code. This code retrieves the cargajecerrr.txt (b1a5dc66f40a38d807ec8350ae89d1e4) file from a remote malicious server and invokes it as PowerShell.

This downloader, which is lightly obfuscated, is responsible for fetching the remaining files from the malicious server and loading them. Both downloaded files are Base64-encoded and have descriptive names: venumentrada.txt (607f64b56bb3b94ee0009471f1fe9a3c), which can be interpreted as “VenomRAT entry point”, and runpe.txt (dbf5afa377e3e761622e5f21af1f09e6), which is named after a malicious tool for in-memory execution. The first file, venumentrada.txt, is a heavily obfuscated loader (MD5 of the decoded file: 91454a68ca3a6ce7cb30c9264a88c0dc) that ensures the second file, a VenomRAT implant (3ac65326f598ee9930031c17ce158d3d), is correctly executed in memory.

The malicious code also exhibits characteristics consistent with generation by an AI interface, including a coherent code structure, detailed commenting, and explicit variable naming. Moreover, it differs significantly from previous samples, which had a structurally different, more obfuscated nature and lacked comments.

Exploring VenomRAT

VenomRAT, an evolution of the open-source QuasarRAT, was first discovered in mid-2020 and is offered on the dark web, with a lifetime license costing up to $650. Although the source code of VenomRAT was leaked, it is still being sold and used by threat actors.

VenomRAT packages on the dark web

According to the vendor’s website, VenomRAT offers a range of capabilities that build upon and expand those of QuasarRAT, including HVNC hidden desktop, file grabber and stealer, reverse proxy, and UAC exploit, amongst others.

As with other RATs, VenomRAT clients are generated with custom configurations. The configuration data within the implant (similar to QuasarRAT) is encrypted using AES and PKCS #5 v2.0, with two keys employed: one for decrypting the data and another for verifying its authenticity using HMAC-SHA256. Throughout the malware code, different sets of keys and initialization vectors are used sporadically, but they consistently implement the same AES algorithm.

Anti-kill

It is notable that VenomRAT features an anti-kill protection mechanism, which can be enabled by the threat actor upon execution. Initially, the RAT calls a function named EnableProtection, which retrieves the security descriptor of the malicious process and modifies the Discretionary Access Control List (DACL) to remove any permissions that could hinder the RAT’s proper functioning or shorten its lifespan on the system.

The second component of this anti-kill measure involves a thread that runs a continuous loop, checking the list of running processes every 50 milliseconds. The loop specifically targets those processes commonly used by security analysts and system administrators to monitor host activity or analyze .NET binaries, among other tasks. If the RAT detects any of these processes, it will terminate them without prompting the user.

List of processes that the malware looks for to terminate

The anti-kill measure also involves persistence, which is achieved through two mechanisms written into a VBS file generated and executed by VenomRAT. These mechanisms ensure the malware’s continued presence on the system:

1. Windows Registry: The script creates a new key under HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce, pointing to the executable path. This allows the malware to persist across user sessions.
2. Process: The script runs a loop that checks for the presence of the malware process in the process list. If it is not found, the script executes the malware again.

If the user who executed the malware has administrator privileges, the malware takes additional steps to ensure its persistence. It sets the SeDebugPrivilege token, enabling it to use the RtlSetProcessIsCritical function to mark itself as a critical system process. This makes the process “essential” to the system, allowing it to persist even when termination is attempted. However, when the administrator logs off or the computer is about to shut down, VenomRAT removes its critical mark to permit the system to proceed with these actions.

As a final measure to maintain persistence, the RAT calls the SetThreadExecutionState function with a set of flags that forces the display to remain on and the system to stay in a working state. This prevents the system from entering sleep mode.

Separately from the anti-kill methods, the malware also includes a protection mechanism against Windows Defender. In this case, the RAT actively searches for MSASCui.exe in the process list and terminates it. The malware then modifies the task scheduler and registry to disable Windows Defender globally, along with its various features.

Networking

VenomRAT employs a custom packet building and serialization mechanism for its networking connection to the C2 server. Each packet is tailored to a specific action taken by the RAT, with a dedicated packet handler for each action. The packets transmitted to the C2 server undergo a multi-step process:

1. The packet is first serialized to prepare it for transmission.
2. The serialized packet is then compressed using LZMA compression to reduce its size.
3. The compressed packet is encrypted using AES-128 encryption, utilizing the same key and authentication key mentioned earlier.

Upon receiving packets from the C2 server, VenomRAT reverses this process to decrypt and extract the contents.

Additionally, VenomRAT implements tunneling by installing ngrok on the infected computer. The C2 server specifies the token, protocol, and port for the tunnel, which are sent in the serialized packet. This allows remote control services like RDP and VNC to operate through the tunnel and to be exposed to the internet.

USB spreading

VenomRAT also possesses the capability to spread via USB drives. To achieve this, it scans drive letters from C to M and checks if each drive is removable. If a removable drive is detected, the RAT copies itself to all available drives under the name My Pictures.exe.

Extra stealth steps

In addition to copying itself to another directory and changing its executable name, VenomRAT employs several stealth techniques that distinguish it from QuasarRAT. Two notable examples include:

• Deletion of Zone.Identifier streams: VenomRAT deletes the Mark of the Web streams, which contain metadata about the URL from which the executable was downloaded. By removing this information, the RAT can evade detection by security tools like Windows Defender and avoid being quarantined, while also eliminating its digital footprint.
• Clearing Windows event logs: The malware clears all Windows event logs on the compromised system, effectively creating a “clean slate” for its operations. This action ensures that any events generated during the RAT’s execution are erased, making it more challenging for security analysts to detect and track its activities.

Victimology

The primary targets of RevengeHotels attacks continue to be hotels and front desks, with a focus on establishments located in Brazil. However, the threat actors have been adapting their tactics, and phishing emails are now being sent in languages other than Portuguese. Specifically, we’ve observed that emails in Spanish are being used to target hotels and tourism companies in Spanish-speaking countries, indicating a potential expansion of the threat actor’s scope. Note that among earlier victims of this threat are such Spanish-speaking countries as Argentina, Bolivia, Chile, Costa Rica, Mexico, and Spain.

It is important to point out that previously reported campaigns have mentioned the threat actor targeting hotel front desks globally, particularly in Russia, Belarus, and Turkey, although no such activity has yet been detected during the latest RevengeHotels campaign.

Conclusions

RevengeHotels has significantly enhanced its capabilities, developing new tactics to target the hospitality and tourism sectors. With the assistance of LLM agents, the group has been able to generate and modify their phishing lures, expanding their attacks to new regions. The websites used for these attacks are constantly rotating, and the initial payloads are continually changing, but the ultimate objective remains the same: to deploy a remote access Trojan (RAT). In this case, the RAT in question is VenomRAT, a privately developed variant of the open-source QuasarRAT.

Kaspersky products detect these threats as HEUR:Trojan-Downloader.Script.Agent.gen, HEUR:Trojan.Win32.Generic, HEUR:Trojan.MSIL.Agent.gen, Trojan-Downloader.PowerShell.Agent.ady, Trojan.PowerShell.Agent.aqx.

Indicators of compromise

fbadfff7b61d820e3632a2f464079e8c Fat146571.js
d5f241dee73cffe51897c15f36b713cc SGDoHBZQWpLKXCAoTHXdBGlnQJLZCGBOVGLH_{TIMESTAMP}.ps1
1077ea936033ee9e9bf444dafb55867c cargajecerrr.txt
b1a5dc66f40a38d807ec8350ae89d1e4 cargajecerrr.txt
dbf5afa377e3e761622e5f21af1f09e6 runpe.txt
607f64b56bb3b94ee0009471f1fe9a3c venumentrada.txt
3ac65326f598ee9930031c17ce158d3d deobfuscated runpe.txt
91454a68ca3a6ce7cb30c9264a88c0dc deobfuscated venumentrada.txt

Staying ahead of cyber threats means constantly evolving defenses and stopping new and often unpredictable threats. From its founding, SentinelOne has embraced AI as a means of detecting and autonomously responding to novel malware and TTPs, revolutionizing and setting the standard for modern endpoint protection in the process.

It’s not just central to our philosophy, it’s a core architectural tenet. It is how we give customers the advantage of speed and innovation when defending themselves against sophisticated nation state actors, constantly evolving ransomware variants, and the rise of a cybercriminal underground that keeps lowering the barrier to entry for the financially or politically motivated. Simply put, it’s how we stop modern attacks before they happen.

With the introduction of our new Framework for Optimized Rule Generation and Evaluation, or FORGE, SentinelOne is building on that foundation by using the power of agentic AI and large language models (LLMs) to completely reimagine and accelerate how teams create new, adaptive detection rules to stop ever-evolving threats.

The “AlphaEvolve Moment” Within the Cyber Space

Recently, Google DeepMind revealed AlphaEvolve, a powerful AI agent that evolves and optimizes algorithms for computing challenges. While AlphaEvolve explores the future of evolving algorithms in computing, SentinelOne’s FORGE₁ offers a highly analogous approach in cybersecurity – an operationalized system for enhancing threat detection for real-world enterprise environments. Like AlphaEvolve, FORGE combines the creative problem-solving power of AI and LLMs with a rigorous evaluation process, enabling it to quickly generate highly effective, precise, and adaptive detection rules.

Traditional detection engines and AI-based models offer comprehensive coverage and are effective at identifying common attack patterns, forming a solid foundation for threat detection. However, updating and deploying models can be slow and complex, while attackers continually evolve their methods in real-time. Detection rules enable teams to close emerging detection gaps in a timely way, as well as fine-tune coverage.

The downside is that writing and maintaining these rules is slow, even for experts, requiring repeated testing to avoid false positives or blind spots. FORGE addresses this challenge by automatically generating high-quality rule candidates, significantly reducing manual effort and strengthening the detection stack.

Unlike traditional approaches, where rules can quickly become outdated in the face of sophisticated evasion techniques, FORGE utilizes diversified AI prompts to dynamically generate multiple rule candidates, which then undergo a rigorous, multi-tiered evaluation, ensuring that only the highest-quality rules are advanced to deployment.

Much like AlphaEvolve’s iterative approach, which uses automated evaluation to refine algorithms systematically, FORGE continuously learns and improves detection logic. When a rule does not meet the stringent precision and recall criteria, feedback is automatically integrated to guide AI-driven revisions. The result is an iterative refinement loop where detection logic rapidly adapts to emerging threats to minimize false positives and maximize coverage.

Example: Using Native OS Capabilities to Execute Malicious Code

Let’s take a look at an example where FORGE aids in our detection capabilities.

Figure 1 below represents a very typical example of how malware can maintain persistence on a Windows machine using built-in tools. The workflow is broken down into the following:

• The attacker uses the Scheduled Tasks executable (schtasks.exe) to create a new task named “Skype” that runs every 30 minutes.
• This task is configured to execute a JavaScript file called 1.js located in the user’s temporary files folder.
• When the task runs, it launches wscript.exe, which is the Windows Script Host used to execute .js files.
• As a result, this 1.js script is executed repeatedly on the system.

This technique is dangerous because it leverages entirely legitimate Windows components, making it difficult to detect and mitigate. By naming the task something inconspicuous such as “Skype” and placing the script in a temporary directory, the attacker avoids drawing attention. Malware authors often employ this method to ensure their code continues to run even after the system reboots or the user logs out.

We can tackle this problem with FORGE as it can easily create a detection rule to differentiate between malicious and non-malicious tasks.

How FORGE Helps Detect Malicious Activities

In Figure 2 below, we can see how FORGE generates and refines a detection rule for identifying malicious use of Windows Scheduled Tasks to execute JavaScript malware.

First, a broad rule flags any use of schtasks.exe with a command line referencing the Temp folder. While it captures many true positives in this example (257), the broad rule yielded a low precision rate of 65%, meaning it generated many false alarms.

Here, we iterate with the next generation of the rule created by FORGE. FORGE allows us to reduce noise by adding a condition that the parent command line must include “Skype”. However, this made the rule too narrow and it only caught 2 cases, though with perfect precision.

Finally, a more balanced and effective rule is created. FORGE checks for the creation of a scheduled task (create) that targets a JavaScript file (.js) in the Temp folder,and requires that the parent process be wscript.exe.

This rule now yields a high precision (99%) and successfully captures all 257 true positives, striking the right balance between generality and specificity.

This example illustrates how detection logic evolves through iterative tuning to enhance accuracy and minimize false positives in threat detection systems. It is important to note that FORGE does not replace our analysts. Rather, it eliminates the repetitive elements of rule generation and tuning, allowing analysts to concentrate on in-depth threat analysis and proactive defense strategies.

FORGE sets a new standard for AI-driven cybersecurity, enabling us to be agile, precise, and remain steps ahead of attackers.

₁ Patent Pending

Third-Party Trademark Disclaimer

All third-party product names, logos, and brands mentioned in this publication are the property of their respective owners and are for identification purposes only. Use of these names, logos, and brands does not imply affiliation, endorsement, sponsorship, or association with the third-party.

Singularity XDR

Discover and mitigate threats at machine speed with a unified XDR platform for the entire enterprise.

Get a Demo

The text created could lead to massive scandals and lawsuits between scientists. ICML leaders have banned scientists from submitting articles that are created using huge LLMs, such as ChatGPT ( ChatGPT).

Papers with generated text are forbidden if the text is not part of the experimental study of articles. However, scholars can use AI to correct text to improve its style or grammar. The ICML academies, to protect against spam, have banned the acceptance of articles created with the help of III. Note that the rules are not legally established, so they may still change in the future.

Depending on whether or not scientists adhere to the rule depends on their decision. Currently, there are no tools to effectively detect generated text, so the ICML will only rely on those who note in the process of examining suspicious documents. Generated texts often contain real errors, and authors must be heavily edited by the AI text to ensure that they are not suspicious.

Types of language models such as ChatGpt are trained on text from the Internet. They have learned to find common patterns between words to predict what to write next, using textual instructions or prompts. The question arises as to whether these systems work by plagiarizing authors? There is currently no evidence that ChatGPT directly copies the text of its article, but its results are based on human letters.