The piece argues that AI-powered threats are accelerating, with adversaries using large language models to conceal code, generate scripts on the fly, and make malware more elusive. It notes an ongoing trend of AI‑driven campaigns, including a November 2025 report by Anthropic describing the first AI‑orchestrated cyber espionage campaign that operated largely autonomously.
It highlights how attackers use methods such as steganography and social engineering to bypass signature scans, disable antivirus as part of extortion‑style campaigns, and deploy tools that disable endpoint protection. The article stresses that relying on EDR alone is insufficient, pointing to attacks that slip past traditional endpoint controls and move at speed across identities, endpoints, cloud and on‑premises infrastructure, which calls for NDR and EDR used together.
It gives concrete examples such as the Blockade Spider group, the Volt Typhoon operation, and the Octo Tempest threat actor, and mentions two Salesforce supply‑chain breaches in which AI helped harvest OAuth credentials. According to an October 2025 report from Microsoft’s threat team, such cross‑domain activity underscores the need for integrated visibility at both the network and endpoint level.