Threat actors use AI models to automate EDR bypass testing

Recent findings show threat actors using AI tools to iteratively test unauthorized software against common endpoint detection and response (EDR) agents. While this automated methodology increases the speed of adversary research, organizations can protect their environments by maintaining foundational security practices like defense-in-depth and modern authentication.

Triage Security Media Team

Recent research from Sophos X-Ops details how an unidentified threat actor used artificial intelligence models to develop techniques for bypassing endpoint detection and response (EDR) systems. The unauthorized party built a testing framework that mirrors the methodology typically used in formal security assessments.

The activity surfaced when an anomalous endpoint registered in a customer environment generated alerts for files originating from the C:\Users\User\Documents\test directory. Multiple files in this location indicated a broader framework designed to bypass detection controls.

Analysts found several Python scripts, written partly in Russian, that were generated with the assistance of large language models. The threat actor integrated these scripts with an automated Active Directory (AD) panel and a dedicated lab environment. This lab systematically developed and evaluated unauthorized software against EDR agents from Sophos, CrowdStrike, and Windows Defender.

The automated AD panel coordinated the workflow by gathering observations from each test, selecting subsequent actions from a predefined list, and dispatching tasks to remote agents for further evaluation. This environment functioned as a structured engineering cycle. The threat actor used an iterative approach (building, testing, and refining their tools) rather than relying entirely on autonomous AI code generation. The AI components primarily supported experimentation and coordinated the overall workflow.

Git repository artifacts showed the threat actor reviewing published security research to identify potential bypass techniques. The AI agents were tasked with processing this information, mapping the identified techniques to the MITRE ATT&CK framework, configuring the testing lab, and executing the tests.

The testing lab utilized multiple virtual machines running Windows Server 2022. One virtual machine evaluated tools against the Sophos agent, another tested the CrowdStrike agent, and a third served as a control environment without an EDR installation. A fourth virtual machine, running Ubuntu, operated as a command-and-control server using the Sliver post-compromise framework.

The threat actor employed several AI tools to support this infrastructure, including the AI-assisted code editor Cursor and the Claude Opus model. These models orchestrated the testing workflows and provided operational security support.

While the testing framework exhibits high technical organization, Sophos linked the activity to known data theft and ransomware operations. The overarching goal of the framework was to support stealthy, unauthorized access in target environments.

Despite the use of AI to accelerate bypass research, organizations can protect their systems through established defense-in-depth strategies. Sophos emphasizes that foundational controls remain critical. Organizations should prioritize timely patching, broad deployment of effective EDR solutions, and modern authentication mechanisms such as multifactor authentication (MFA) and passkeys to safeguard their networks.

This summary includes reporting originally published by Alexander Culafi for Dark Reading.