A North Korea-linked macOS backdoor disclosed by SentinelOne, named macOS.Gaslight, attempts to deceive AI analysis tools by embedding a 3.5 KB block of 38 fabricated "system" messages inside the binary. SentinelLABS researcher Phil Stokes published a technical breakdown on June 23, 2026, describing the Rust-based implant. The 38 messages simulate token expiry, out-of-memory kills, disk exhaustion, and repeated operation failures, designed to push any AI-assisted analysis tool into aborting, truncating, or refusing its session. The attack targets the agent's perception rather than the sandbox it runs in. SentinelLABS assessed with high confidence that the technique did not bypass any production AI malware analysis platform in current testing. The report noted that earlier North Korean macOS samples used a single injected block for the same purpose, while Gaslight stacks 38, suggesting systematic testing of failure conditions against live tools and deliberate refinement of the cascade.