This qualitative grounded theory explored countermeasures to defend against Artificial Intelligence (AI)-powered malware exploiting facial recognition software for malicious intent. The basic taxonomy of facial recognition software and AI-generated malware was examined to understand their mechanisms and build the foundation of this study. Based on the review of AI-generated malware and facial recognition software, three categories of countermeasures were proposed. The recommended countermeasures were assessed through the frameworks. The NIST Cybersecurity Framework was selected to evaluate the proposed countermeasure to identify, protect, detect, and prevent the threat of AI-generated malware. The results of the study showed the threat of AI-generated malware can be reduced or mitigated by implementing appropriate countermeasures. The recommended technical and non-technical measures, along with the security awareness program, can be integrated into the cybersecurity framework and customized to address an organization’s objectives and to combat the AI-enabled malware exploiting facial recognition.