arXiv: Building an Adversarial Malware Dataset by Family and Type: Generation, Evasion, and Poisoning Evaluation

This publication, dated 25 May 2026, presents a new methodology for creating adversarial malware datasets, specifically designed to test the robustness of AI-based cybersecurity systems. The research evaluates how malware samples can be generated, how they can evade detection, and how they can be used to poison training data for machine learning models. While not a regulatory change itself, this paper signals a critical emerging threat: the weaponization of AI against AI-driven security controls, which directly impacts compliance obligations under frameworks like the EU AI Act and NIS2.

Organizations deploying AI for malware detection, particularly in critical infrastructure, finance, healthcare, and cybersecurity sectors, are most affected. Any entity using machine learning models for endpoint protection, network monitoring, or threat intelligence must now consider that their training data and detection algorithms could be systematically undermined. This raises immediate concerns under AI safety and risk management requirements, as adversarial attacks could cause systemic failures in security systems that regulators expect to be resilient.

Compliance teams should immediately review their AI model validation and red-teaming procedures to include adversarial dataset testing. They must ensure that training data provenance and integrity controls are documented, as regulators will likely scrutinize whether models can withstand poisoning and evasion attacks. Additionally, teams should update their risk registers to reflect this new class of AI-specific threats and begin planning for potential updates to incident response plans that account for AI-targeted attacks. Proactive engagement with national cybersecurity authorities on adversarial ML risks is also advisable.