🤖 AI Summary
Researchers and practitioners describe "AI gated loaders", a new offensive tooling pattern (demonstrated in the HALO project) in which a loader snapshots compact telemetry from a host, asks an LLM a structured yes/no question, and executes payloads only when a policy gate is met. The approach is designed to beat brittle static evasions (fixed sleeps, simple sandbox checks) by using real-time environment awareness: processes, drivers, network flows, idle time, active window title and working-hours flags are sampled (excluding the loader and its parent), summarized, and fed to a pinned model with temperature=0. The model returns a constrained JSON object {allow, confidence, reason}; the loader applies a fail-closed threshold (by default, allow=true and confidence ≥ 0.80) and logs a timestamped decision plus a telemetry hash for auditability.
The technically noteworthy choices aim for repeatability and safety: model pinning and raw-reply logging for traceability, extracting the first top-level JSON block to handle stray text, and denying on parse errors or low confidence. Use cases include more realistic red-team simulations, calibrated blue-team testing, and coordinated timing across hosts; operators can add local rules or dual approval. The design increases stealth and explains its decisions, and so has important implications for defenders (new detection challenges) and for governance of LLM-assisted offensive tooling.