A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions.
Tool and payload development was assisted by Cursor and Claude Opus agents in various stages, including initial coding, analysis, and revisioning. Additionally, some agents were tasked with checking security research posts for various bypass techniques.
Some of the malware created this way was tested in virtual environments against EDR tools from Sophos, CrowdStrike, and Microsoft.
Despite the malware research and development orchestrated using AI technology, the researchers note that the workflow is entirely human-driven.
Rapid EDR-bypass development
