
Evolving Threat Methodologies: AI Integration, Identity Risks, and Defensive Strategies

This report examines the shift toward systematic engineering lifecycles among threat actors, including the use of AI in testing environments and sustained identity-focused operations. We provide actionable guidance for securing shared software components, edge devices, and cloud environments to help organizations proactively protect their users.

Triage Security Media Team

Recent security research indicates a shift in how threat actors structure their engineering lifecycles. Rather than relying solely on artificial intelligence for initial phishing materials or basic script generation, unauthorized parties are integrating large language models (LLMs) into automated testing frameworks to evaluate endpoint detection and response (EDR) telemetry. Findings from Sophos X-Ops show threat actors adopting structured engineering cycles, building, testing, and refining unauthorized software against agents like Sophos, CrowdStrike, and Windows Defender prior to deployment.

This methodology allows threat actors to iteratively test unauthorized software in dedicated lab environments, accelerating their ability to identify gaps in modern defenses. In one documented case, a threat actor utilized the AI-assisted code editor Cursor and the Claude Opus model to orchestrate a testing lab involving multiple Windows Server 2022 virtual machines and an Ubuntu-based command-and-control (C2) server. By mapping published security research to the MITRE ATT&CK framework and applying AI to configure tests, the actor created a high-speed feedback loop for evasion research. While the AI models do not act autonomously, their use as force multipliers for technical organization represents a change in preparation tactics.

Regional threat activity and identity focus

The trend toward disciplined operations is also evident in state-sponsored activity across Latin America and the Caribbean. Influenced by geopolitical tensions regarding maritime affairs and natural resources, groups such as FamousSparrow, Earth Krahang, and Vixen Panda have directed operations toward approximately a dozen nations in the region since early 2025. These actors frequently focus on government entities and critical infrastructure, including the maritime sectors in Venezuela and Panama. Notably, these groups achieve access not through novel zero-day vulnerabilities, but through established methods: targeting unpatched edge devices, accessing Microsoft SQL or Exchange servers, and leveraging gaps in identity management.

Sustained access techniques

The focus on identity and long-term persistence was evident in a prolonged espionage campaign involving a senior executive at a global stock exchange. For at least five months, an unidentified actor maintained unauthorized access to a high-ranking finance executive’s mailbox, systematically transferring sensitive emails every two to four weeks. The actor used a refined approach to maintain stealth, deploying system-level implants disguised as legitimate Adobe and OneDrive software. They established a C2 channel via Dropbox and created scheduled tasks mimicking Lenovo system health checks to blend into the machine's baseline environment. This case shows that for high-value targets, threat actors often prioritize stealth over speed, utilizing legitimate .NET libraries and cloud services to transfer data within standard network traffic patterns. At this time, exact attribution for this compromise remains unknown.

Vulnerabilities in shared software components

Technical gaps in shared software components continue to provide initial access avenues. Security researchers recently identified an issue in the shared Android SDK used by Microsoft 365 applications, including Word, Excel, and PowerPoint. A debug flag left active in production releases effectively disabled authentication checks, allowing unauthorized applications on a user's device to request Family of Client IDs (FOCI) tokens. These highly privileged tokens enable long-term use and silent handoffs between trusted apps. If acquired by an unauthorized party, they grant broad access to a user’s Microsoft 365 environment, including Teams messages and emails, without generating typical anomalous traffic logs. Microsoft has released patches addressing this (CVE-2026-41100, CVE-2026-41101, CVE-2026-41102, and CVE-2026-42832). We recommend security teams prioritize updating mobile fleets to protect their users.

Evaluating AI exposure areas

As AI integrates further into user workflows, it introduces new exposure areas, such as the "Fake Context Alignment" technique identified in Google Gemini. Researchers validated that indirect prompt injections, hidden within foreign language text or muted hyperlinks in messaging notifications, could bypass Gemini’s guardrails. When the AI assistant summarizes these notifications, it processes the hidden instructions, which could allow unauthorized control over smart home devices or alterations to the assistant's long-term memory. Google has deployed content classifier updates to mitigate this risk, and there is no evidence that this technique has been used in unauthorized operations to date. However, this research indicates a core structural requirement for the future: AI assistants must treat all external input as untrusted by default, similar to how traditional web applications handle user-provided strings.

Defensive guidance and organizational resilience

For defenders, these findings reinforce the value of a defense-in-depth strategy prioritizing identity and edge security. The most common access paths in recent state-sponsored campaigns remain identity-led, including bypassing conditional access and conducting post-MFA token theft. We advise organizations to implement phishing-resistant MFA and ensure internet-facing edge devices are patched within 14 days, particularly those listed in the CISA Known Exploited Vulnerabilities catalog. Furthermore, as threat actors increasingly utilize legitimate cloud services like Dropbox or OneDrive for data transfer, deploying Cloud Access Security Brokers (CASB) and Data Loss Prevention (DLP) tools helps detect anomalies in high-value accounts.
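One way to operationalize the 14-day patch window against the CISA KEV catalog, as an added example that is not code from this report or from CISA: it assumes the field names of the CISA KEV JSON feed (`vulnerabilities`, `cveID`, `product`, `dateAdded`) and uses constructed placeholder CVE ids, hosts and dates, joining a device inventory to the feed and flagging unpatched KEV entries that are past the window.

```python
import json
from datetime import date, timedelta

# Constructed KEV excerpt. The field names are assumed to follow the CISA KEV
# JSON feed layout; the CVE ids, products and dates are placeholders.
KEV_JSON = """{"vulnerabilities": [
 {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor", "product": "EdgeGateway",
  "dateAdded": "2026-03-01", "dueDate": "2026-03-22"},
 {"cveID": "CVE-0000-0002", "vendorProject": "ExampleVendor", "product": "MailServer",
  "dateAdded": "2026-03-10", "dueDate": "2026-03-31"}
]}"""

# Constructed inventory: one row per internet-facing device and the CVE its
# scanner flagged; "patched" stays None while the fix is outstanding.
INVENTORY = [
    {"host": "vpn-01", "cve": "CVE-0000-0001", "patched": None},
    {"host": "vpn-02", "cve": "CVE-0000-0001", "patched": "2026-03-05"},
    {"host": "mail-01", "cve": "CVE-0000-0002", "patched": None},
    {"host": "mail-02", "cve": "CVE-0000-0009", "patched": None},  # not KEV-listed
]

SLA_DAYS = 14  # the patch window recommended above for internet-facing edge devices


def load_kev(text):
    """Index the KEV feed by CVE id so inventory rows can be joined to it."""
    return {v["cveID"]: v for v in json.loads(text)["vulnerabilities"]}


def sla_report(inventory, kev, today_iso):
    """Return unpatched, KEV-listed devices with days past the 14-day deadline.

    The clock starts at the KEV dateAdded, since that listing is the signal the
    guidance keys on; a negative overdue_days means the device is still in window.
    Results are sorted most-overdue first so the queue can be worked top down.
    """
    today = date.fromisoformat(today_iso)
    report = []
    for row in inventory:
        entry = kev.get(row["cve"])
        if entry is None or row["patched"] is not None:
            continue  # not on the KEV list, or already remediated
        deadline = date.fromisoformat(entry["dateAdded"]) + timedelta(days=SLA_DAYS)
        report.append({"host": row["host"], "cve": row["cve"],
                       "product": entry["product"],
                       "deadline": deadline.isoformat(),
                       "overdue_days": (today - deadline).days})
    return sorted(report, key=lambda r: r["overdue_days"], reverse=True)


if __name__ == "__main__":
    for r in sla_report(INVENTORY, load_kev(KEV_JSON), "2026-03-20"):
        print(r)
```

In production the feed would be fetched from CISA and the inventory from the vulnerability scanner; the join logic is unchanged.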

Cyber insurance considerations

The shifting threat situation has practical implications for managing risk through cyber insurance. While premium rates have stabilized, carriers are introducing strict exclusions that require careful review. A specific area of concern is the "employee action" exclusion. Many carriers now classify incidents where an employee is led into a manual action, such as a "ClickFix" tactic or a social engineering-driven wire transfer, as a failure of internal controls rather than a covered cyber event. Security leaders should review their policies to ensure adequate coverage for these scenarios, and consider "tail" coverage to protect against security incidents discovered after switching providers.

Moving forward, the systematic engineering approach to security evasion will likely become standard practice. As unauthorized parties use AI to automate the testing of their methodologies, detection windows will narrow. Organizations can protect their environments by shifting to a proactive posture that assumes local device environments may occasionally be compromised, focusing on zero-trust validation for every token and access request. While vendors have addressed the specific vulnerabilities discussed, the broader pattern of AI-assisted research and identity-focused data collection remains a consistent trend. By partnering across security and engineering teams, organizations can build the resilience needed to safeguard their systems and users.