By taking strings from an online gaming program and appending them to malicious files, researchers were able to trick Cylance’s AI-based antivirus engine into thinking programs like WannaCry and other malware are benign.
Cylance developed a great machine-learning (ML) algorithm. It's proven to be very effective against malware, particularly 0-day malware.
But... I've said multiple times... once Cylance gets big enough that malware developers start targeting it specifically -- then it's like all other AVs. Malware developers can just keep on tweaking until they figure out how to bypass. Although, it is harder to 'tweak to bypass' ML software. You could tweak thousands of times and get nowhere, whereas with signature based products, there are more efficient ways to pack or obfuscate code until you can make it work.
Cylance is big enough now. Cylance has grown super rapidly in market share. They may pass Kaspersky in market size soon.
I've also stated that Cylance should be run as a 'module' -- as part of a larger defense strategy.
There is a benefit to 'security by obscurity.' If your product is not targeted by malware developers --- obviously that is to your advantage.
It's still a great product -- as part of a layered approach.
And the Cylance guys need to dive into the code and get this fixed.