Dragos published a short analysis today of ZionSiphon, malware supposedly designed to sabotage Israeli dam and desalination systems — and it’s great.
The big reveal: this OT malware is complete garbage. Most of the technical content — hostnames, path names, controller logic — is, in Dragos’s words, “fictional and likely LLM-generated guesses.” Basically, someone pointed an LLM at a domain it didn’t understand and shipped the output. Vibe-coding for the Loss!
Kudos to Dragos for taking the time to write up a report on something AI-scary that is totally fake. I can’t remember the last time a security vendor went out of their way to lower the temperature on something.
I am worried, though, about this being another in a growing wave of fake cyberattacks. We have enough problems dealing with the real ones without AI weaponizing the production of fake ones.