Sophos X-Ops analysts found that an unidentified threat actor used AI-assisted Python scripts to automate the testing of malware against endpoint detection and response (EDR) products from Sophos, CrowdStrike, and Microsoft (Windows Defender), iterating until samples evaded detection. The attacker built a lab of multiple virtual machines, each running one of the target EDR tools, to develop and refine the malware in repeated test cycles. The case illustrates the growing use of AI tooling in advanced attack workflows, and it is a reminder that detection logic which an adversary can test offline will eventually be tuned around; defenders should therefore layer telemetry and behavioral detections rather than rely on any single EDR signature.
https://www.darkreading.com/endpoint-security/attackers-automate-edr-evasion-testing
