morgana: even if AI gets in, your secrets don't get out

In 2020, reverse-engineering a well-obfuscated mobile app took a skilled attacker two to four weeks. By late 2024, the same job takes an LLM pipeline under an hour. This is not a projection. It is happening now, and it changes the economics of application security fundamentally.

What changed

Three capabilities converged:

LLM-assisted deobfuscation. Models like GPT-4 and Claude can read obfuscated code and produce clean, commented pseudocode. Control-flow flattening, string encryption, opaque predicates (techniques that took human analysts days to unwind) are pattern-matched in seconds. The model does not need to “understand” the code; it recognizes the obfuscation pattern and inverts it.

Automated binary analysis pipelines. Tools now chain disassembly, decompilation, and LLM analysis into end-to-end pipelines. An attacker feeds in an APK or IPA and gets back annotated source with API keys, authentication logic, and business rules highlighted. No manual triage step.

Cheaper compute, broader access. Running a deobfuscation pipeline against a binary costs single-digit dollars in API credits. The barrier to entry dropped from “skilled reverse engineer with expensive tools” to “anyone with a script and an API key.”

Why obfuscation stopped working

Obfuscation was always a time-based defense: make analysis slow enough that the attacker gives up or the next release ships before they finish. That calculus assumed human-speed analysis.

When the attacker is an LLM, “slower” means milliseconds instead of microseconds. The obfuscation still works. It just does not work long enough to matter. Re-obfuscating every release adds engineering cost on your side while the attacker’s cost per analysis trends toward zero.

Why RASP is not the answer either

Runtime Application Self-Protection detects tampering and crashes the app. The problem: a crash is a signal. It tells the attacker exactly which detection they tripped. They patch around it, re-run, and iterate. With AI-assisted fuzzing, this patch-and-retry loop is now automated too.

RASP also creates false positives. Accessibility services, enterprise MDM agents, and even OS updates can trigger tampering detections. Every false alarm erodes trust in the tool and creates triage work for your team.

The new threat model

The old model assumed a human attacker working manually:

Defense: Make analysis slow (obfuscation) or crash on detection (RASP)
Assumption: Attacker is slower than defender
Failure mode: Attacker eventually succeeds, but it takes long enough

The new model has an AI attacker working at machine speed:

Defense must not depend on analysis being slow: it will not be
Defense must not depend on detecting tampering and crashing: crashes are patchable signals
Defense must make success and failure indistinguishable: the attacker should not know they failed

This is the core insight behind cryptographic integrity protection: the app’s untampered state becomes the key that unlocks its own secrets. Tamper with anything, and a different key derives. The app keeps running. It simply serves wrong data. The attacker builds their exploit on garbage and never finds out.

What to do about it

If your app contains API keys, model weights, licensing logic, or any secret that lives in the binary:

Assume the binary will be fully deobfuscated. Plan your security architecture accordingly.
Stop investing in obfuscation-only strategies. They buy less time every quarter.
Evaluate protections that do not depend on hiding code. Cryptographic integrity, hardware-backed attestation, and server-side validation are the categories worth investigating.
Audit what is actually in your binary. Most teams are surprised by what ships: hardcoded keys, debug endpoints, internal API schemas.

The window between “release” and “fully reverse-engineered” is closing fast. The question is not whether your app will be analyzed, but what the attacker finds when it is.