Threat Actor Uses AI to Build EDR Evasion Tools

https://www.infosecurity-magazine.com/news/ai-edr-evasion-tooling/

Publish Date: 2026-06-19 02:13:12

Source Domain: www.infosecurity-magazine.com

Summary of AI Coding Tools Used To Develop Malware

Research by Sophos X-Ops, based on the Counter Threat Unit’s analysis, has revealed that threat actors are using AI coding tools to create and refine sophisticated malware aimed at circumventing endpoint detection and response (EDR) systems. This project uncovered traces of an unusual endpoint in a customer’s environment, which led Sophos to discover a meticulously developed lab within a Git repository. The lab employed AI for drafting the majority of its Python scripts, many written in Russian, and functioned through an orchestrated system within the Cursor environment, while never employing AI autonomously or embedding –