BIFOLD researchers will present the paper "Shape-Shifting Malicious Code in Software Backdoors via Language Models" at the 21st ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2026), to be held in Bangalore, India, from 1 to 5 June 2026.
Their work reveals a blind spot in current software security. Malicious code does not have to be hidden in the software itself; it can also be concealed in harmless documentation or configuration scripts. The researchers show how large language models can hide malicious code in documents that appear completely natural to humans, yet carry hidden functionality. Critically, the malicious code can be extracted from the documents without any language model, allowing for versatile and lightweight attacks, for example during the build process of software. Since detecting these attacks is difficult, the researchers argue that the most effective defense is to vet and control more carefully who contributes to software development.
Paper: Shape-Shifting Malicious Code in Software Backdoors via Language Models.
Authors: Mohammad Ebrahimi Fard, Felix Weissberg, Erik Imgrund, Thorsten Eisenhofer, Konrad Rieck.