Hackers Using AI Tools to Automate Active Directory Attacks and EDR Evasion

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer


A threat actor used AI-assisted tools to automate Active Directory discovery and test endpoint detection and response (EDR) evasion techniques, highlighting the rise of AI-supported post-exploitation frameworks.

The activity was identified after a suspicious endpoint triggered alerts tied to payloads stored in a user directory.

Investigation revealed a collection of malicious components forming a structured attack toolkit. These included customized Cobalt Strike profiles designed to mimic legitimate web traffic, a Telegram bot-based command-and-control channel to hide communications within trusted infrastructure, and Python scripts capable of injecting shellcode into legitimate Windows executables while maintaining normal functionality. A Cloudflare Worker was also used as a redirector to obscure the true backend C2 server.
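For defenders, the combination described above (payloads in a user directory, traffic to Telegram's bot API or a Cloudflare Worker) can be hunted in endpoint network telemetry. The following is an added example, not code from the article or from Sophos; it assumes Sysmon Event ID 3 style records, and the allowlist, path markers, and sample events are constructed for illustration.

```python
from pathlib import PureWindowsPath

# api.telegram.org is the Telegram Bot API host; workers.dev is Cloudflare's
# default Workers domain. Assumption: a Worker on a custom domain is not covered.
WATCHED_SUFFIXES = ("api.telegram.org", "workers.dev")
# Assumption: user-writable locations where payloads could be staged.
USER_DIR_MARKERS = ("\\users\\", "\\programdata\\")
# Assumption: software expected to reach these hosts in this environment.
ALLOWED_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe", "telegram.exe"}

# Constructed sample records using Sysmon Event ID 3 field names.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\alice\Documents\updater.exe", "DestinationHostname": "api.telegram.org"},
    {"Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "DestinationHostname": "web.telegram.org"},
    {"Image": r"C:\Windows\System32\svchost.exe", "DestinationHostname": "cdn.example.workers.dev"},
    {"Image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "DestinationHostname": "api.telegram.org"},
    {"Image": r"C:\Users\bob\AppData\Local\Temp\python.exe", "DestinationHostname": "API.Telegram.org."},
]

def host_matches(host):
    """True when host equals or is a subdomain of a watched suffix."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)

def score_event(event):
    """Return the list of reasons an event is suspicious (empty if none)."""
    image = event.get("Image", "")
    if not host_matches(event.get("DestinationHostname", "")):
        return []
    reasons = []
    if PureWindowsPath(image).name.lower() not in ALLOWED_IMAGES:
        reasons.append("unexpected process for host")
    if any(marker in image.lower() for marker in USER_DIR_MARKERS):
        reasons.append("image in user-writable path")
    return reasons

def hunt(events):
    """Return (image, host, reasons) for flagged events, strongest first."""
    hits = [(e.get("Image", ""), e.get("DestinationHostname", ""), score_event(e)) for e in events]
    hits = [h for h in hits if h[2]]
    return sorted(hits, key=lambda h: len(h[2]), reverse=True)

if __name__ == "__main__":
    for image, host, reasons in hunt(SAMPLE_EVENTS):
        print(f"{len(reasons)}  {host:<28} {image}  ({'; '.join(reasons)})")
```

Events with both reasons are the closest match to what the article describes; single-reason hits are review candidates, since legitimate software also uses both services.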

A key finding was the presence of partially AI-generated Python scripts, many written in Russian, alongside a Git repository that contained a broader automation framework.

This framework combined an automated AD discovery panel with a controlled lab environment used to iteratively develop and test malware against leading EDR platforms such as Sophos, CrowdStrike, and Microsoft Defender.

The AD discovery system did not operate as a fully autonomous large language model. Instead, it followed a structured decision tree model, collecting results from executed tasks, selecting predefined next steps, and dispatching actions to remote agents.

Diagram showing AI’s role in the malware development workflow (Source: Sophos)

This allowed semi-automated reconnaissance across enterprise environments while maintaining predictable execution paths. The threat actor built the testing environment using virtual machines provisioned through Ludus.

Multiple Windows Server 2022 systems were configured to evaluate bypass techniques against different EDR agents, alongside a separate Ubuntu system hosting a Sliver command-and-control server.

Development was supported by an AI-native IDE, Cursor, and coordinated through multiple AI agents with assigned roles.

One primary AI agent, powered by Claude Opus, managed orchestration and rule-setting, while others handled testing, operational security improvements, documentation, and infrastructure deployment.

Article ingestion and technique mapping instructions for AI agents (Source: Sophos)

Communication between agents and the code repository was managed using the Model Context Protocol, enabling automated commits and iterative development cycles.

The framework also incorporated research on external threats. AI agents were instructed to ingest publicly available security blogs, extract attack techniques, map them to MITRE ATT&CK, and reproduce them within the lab.

Sources included well-known security firms and red team research providers. This process enabled rapid prototyping of attack techniques based on real-world methodologies.

At the core of the framework was a modular payload generator written in Python that produced executables in Rust and Go.

These payloads were wrapped in layers of encryption and evasion logic, allowing attackers to test over 70 different techniques.

While initial success rates were low, repeated iterations reportedly improved bypass effectiveness, though results remain partially unverified.

Sophos researchers assess that this framework, while presented as red team tooling, is likely intended for real-world intrusions, including ransomware deployment and data theft.

The use of AI significantly accelerates development cycles but does not fundamentally change defensive requirements.

Organizations are advised to maintain strong security baselines, including timely patching, multi-factor authentication, and comprehensive EDR deployment, as attackers increasingly use AI to identify and exploit defensive gaps.
