For years, the cybersecurity conversation about AI was speculative. Researchers warned it could lower the barrier for attackers. Pen test firms demoed LLM-generated phishing emails. Thought pieces predicted AI-powered attacks were coming.

In 2026, they're here. And they're rewriting how every stage of an attack works — from discovery to exploitation to evasion.

The EDR Evasion Toolkit

In June 2026, Sophos published an analysis of a ransomware toolkit built using AI-assisted development workflows. The attacker used Cursor and Claude Opus 4.5 agents to iterate on malware modules against EDR products, coordinating roles across several agents: one set direction, others handled EDR testing, OPSEC hardening, documentation, and VM deployment.

The attack loop: