Threat Actors Use AI Agents and Cursor IDE to Automate Active Directory Attacks and Beat EDR

dark6 4 June 2026

A sophisticated threat actor has been caught using AI-assisted tools to automate Active Directory reconnaissance and iteratively develop malware capable of bypassing leading endpoint detection and response (EDR) platforms — including Sophos, CrowdStrike, and Microsoft Defender. The discovery, reported by Sophos researchers, reveals a new chapter in AI-accelerated offensive operations that security teams cannot afford to ignore.

The Toolkit: What Was Found

Investigation of a compromised endpoint revealed a highly structured attack framework composed of multiple components:

  • Customized Cobalt Strike profiles designed to masquerade as legitimate web traffic, evading network-level inspection.
  • Telegram bot-based C2 channel that hides command-and-control communications within trusted infrastructure.
  • Python shellcode injectors that embed malicious payloads in legitimate Windows executables while preserving their normal functionality.
  • Cloudflare Worker redirector used to proxy traffic and obscure the true backend C2 server from defenders.

Crucially, investigators found partially AI-generated Python scripts — many written in Russian — alongside a Git repository containing a broader automation framework that combined AD discovery with a purpose-built malware development lab.

AI-Assisted Active Directory Reconnaissance

The AD discovery component operated not as a fully autonomous large language model agent, but as a structured decision tree: it collected results from executed tasks, selected predefined next steps based on those results, and dispatched actions to remote agents. This architecture enabled semi-automated, scalable reconnaissance across enterprise environments while maintaining predictable and auditable execution paths.

The framework was orchestrated using Cursor, an AI-native integrated development environment, with multiple specialized AI agents assigned distinct roles: one primary orchestrator powered by Claude Opus, others handling testing, operational security, documentation, and infrastructure deployment. Communication between agents and the code repository was managed via the Model Context Protocol (MCP), enabling automated commits and continuous development iterations.

Automated EDR Evasion Testing Lab

The malware development environment was built using Ludus to provision virtual machines. Multiple Windows Server 2022 systems were configured to evaluate bypass techniques against different EDR agents, with a separate Ubuntu server running the Sliver C2 framework.

AI agents were instructed to ingest publicly available threat intelligence and red team research, extract attack techniques, map them to the MITRE ATT&CK framework, and reproduce those techniques within the lab. The framework's modular payload generator — written in Python and producing executables in Rust and Go — was wrapped in layers of encryption and evasion logic, enabling testing of over 70 different bypass techniques.

While initial EDR bypass success rates were low, repeated AI-assisted iterations reportedly improved effectiveness over time — demonstrating the concerning compounding effect of AI on offensive capability development.

Why This Matters

Sophos researchers assess that while this framework was labeled as red team tooling, it is almost certainly intended for real-world intrusions, including ransomware deployment and data theft. The use of AI significantly accelerates development cycles, compressing what would previously take weeks of manual work into hours of automated iteration.

AI-assisted development does not, however, change the fundamental nature of the threat. The tools and techniques employed (Cobalt Strike, Sliver, shellcode injection, process hollowing) are all well-known. What AI changes is the speed of iteration and the accessibility of sophisticated capabilities to lower-skilled actors.

Defensive Recommendations

Organizations should treat this disclosure as a concrete signal that AI-assisted post-exploitation frameworks are already operational in the wild. Recommended defensive actions include:

  • Ensure comprehensive EDR coverage across all endpoints, including servers and virtualization infrastructure.
  • Monitor for anomalous Active Directory enumeration activity, particularly bulk LDAP queries and BloodHound-style reconnaissance patterns.
  • Apply network inspection controls capable of detecting Cobalt Strike malleable C2 profiles masquerading as legitimate traffic.
  • Restrict outbound connections to collaboration platforms like Telegram from server environments where no business justification exists.
  • Enforce multi-factor authentication everywhere and audit privileged access paths regularly.
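
As an illustration of the second recommendation, the following added example (not code from the Sophos report or from the framework it describes) flags a client that sweeps several whole object classes over LDAP within a short window, the pattern typical of graph-collection tooling. The log format, sample records, window and thresholds are all assumptions to be tuned against your own LDAP telemetry.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample telemetry (not from the report): time, client, LDAP filter, entries returned.
SAMPLE_LOG = """\
2026-06-01T10:00:01,10.0.5.20,(&(objectClass=user)(sAMAccountName=jdoe)),1
2026-06-01T10:00:05,10.0.9.77,(objectCategory=person),4812
2026-06-01T10:00:09,10.0.9.77,(objectCategory=computer),1530
2026-06-01T10:00:14,10.0.9.77,(objectCategory=group),962
2026-06-01T10:00:21,10.0.9.77,(objectClass=groupPolicyContainer),88
2026-06-01T10:00:30,10.0.9.77,(objectClass=trustedDomain),3
2026-06-01T10:03:00,10.0.5.20,(objectCategory=group),962
2026-06-01T10:20:00,10.0.5.20,(objectCategory=computer),1530
"""

WINDOW = timedelta(seconds=120)   # assumed look-back window
MIN_CATEGORIES = 4                # assumed: distinct broad filters per window
MIN_ENTRIES = 5000                # assumed: total objects returned per window

def parse(line):
    # The filter may itself contain commas, so split from both ends.
    ts, client, rest = line.split(",", 2)
    ldap_filter, entries = rest.rsplit(",", 1)
    return datetime.fromisoformat(ts), client, ldap_filter, int(entries)

def is_broad(ldap_filter):
    # A broad filter selects a whole object class with no narrowing attribute.
    f = ldap_filter.lower()
    return f.startswith(("(objectcategory=", "(objectclass=")) and f.count("(") == 1

def detect_bulk_enumeration(log_text):
    windows = defaultdict(deque)   # client -> broad queries still inside the window
    alerts = {}                    # client -> details of the first alert raised
    for line in log_text.strip().splitlines():
        ts, client, ldap_filter, entries = parse(line)
        if not is_broad(ldap_filter):
            continue
        q = windows[client]
        q.append((ts, ldap_filter.lower(), entries))
        while ts - q[0][0] > WINDOW:   # drop queries older than the window
            q.popleft()
        categories = {f for _, f, _ in q}
        total = sum(n for _, _, n in q)
        if len(categories) >= MIN_CATEGORIES and total >= MIN_ENTRIES and client not in alerts:
            alerts[client] = {"first_alert": ts.isoformat(), "categories": len(categories), "entries": total}
    return alerts
```

Requiring both breadth (distinct object classes) and volume keeps an administrator's occasional group or computer listing, like the 10.0.5.20 records above, from triggering an alert.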

Source: Cybersecurity News / Sophos Research
