Cyber: Winning Against Ai-based Attacks Requires A Combined Defensive...

If there's a constant in cybersecurity, it's that adversaries are always innovating. The rise of offensive AI is transforming attack strategies and making them harder to detect. Google's Threat Intelligence Group, recently reported on adversaries using Large Language Models (LLMs) to both conceal code and generate malicious scripts on the fly, letting malware shape-shift in real-time to evade conventional defenses. A deeper look at these novel attacks reveals both unprecedented sophistication and deception.

In November 2025, Anthropic reported on what it described as the first known "AI-orchestrated cyber espionage campaign." This operation featured AI integrated throughout the stages of attack, from initial access to exfiltration, which was executed largely autonomously by the AI itself.

Another recent trend concerns ClickFix-related attacks using steganography techniques (hiding malware within image files) that slipped past signature-based scans. Skillfully disguised as legitimate software update screens or CAPTCHAs, these attacks deceived users into deploying remote access trojans (RATs), info-stealers, and other malware payloads on their own devices.

Adversaries are also exploiting ways to trigger and then compromise anti-virus (AV) exclusion rules by using a combination of social engineering, attack-in-the-middle, and SIM swapping techniques. Based on research from Microsoft's threat team from October 2025, the threat actor they call Octo Tempest convinced its victims to disable various security products and automatically delete email notifications. These steps allowed their malware to spread across an enterprise network without tripping endpoint alerts. Actors are also easily deploying dynamic and adaptive tools that specialize in detecting and disabling AV software on endpoints.

All these techniques share a common thread: the ability to evade legacy defenses such as endpoint detection and response (EDR), exposing the limitations of relying solely on EDR. Their success illustrates where EDR, acting alone and without additional defensive measures, can be vulnerable. These are new attacks in every sense of the word, using AI automation and intelligence to subvert digital defenses. This moment signals a fundamental shift in the cyber threat landscape, and it's rapidly driving a change in defensive strategy.

Network detection and response (NDR) and EDR both bring different protective benefits. EDR, by its nature, is focused on what is happening insi

Source: The Hacker News