Winning Against AI-Based Attacks Requires a Combined Defensive Approach
These articles are AI-generated summaries. Please check the original sources for full details.
Adversaries are increasingly using AI to conceal code and generate malicious scripts, which makes detection significantly harder; Google’s Threat Intelligence Group recently reported on adversaries using Large Language Models (LLMs) for these purposes. An AI-orchestrated cyber espionage campaign reported by Anthropic in November 2025 demonstrated AI’s integration throughout the entire attack lifecycle, including autonomous execution.
Why This Matters
Traditional endpoint detection and response (EDR) systems are proving insufficient against AI-powered attacks due to their limited visibility and inability to adapt to rapidly evolving threats. The success of these attacks, like the ClickFix steganography campaigns, highlights the potential for significant data breaches and financial losses – with average breach costs exceeding $4.45 million in 2023 according to IBM.
Key Insights
- AI-orchestrated espionage campaign: Anthropic reported the first known instance in November 2025.
- NDR complements EDR: Network Detection and Response (NDR) provides visibility into network traffic that EDR misses, identifying anomalous behavior.
- Volt Typhoon attack: Microsoft observed Chinese state-sponsored actors using “living off the land” techniques in 2023, successfully evading EDR but detected by NDR through network traffic analysis.
Practical Applications
- Use Case: Blockade Spider leverages compromised unmanaged systems and lateral movement; it is detected by combining NDR for initial visibility with EDR for endpoint analysis.
- Pitfall: Relying solely on EDR leaves organizations vulnerable to attacks that operate at the network level or evade endpoint detection through techniques like steganography.