Cyber security is under intense scrutiny these days, especially as more adversarial AI-based attacks such as Scattered Spider can use a variety of living-off-the-land methods to spread and speed their impact and disguise their operations. This means that defending today’s networks requires a quicker and more sophisticated, in-depth response.
Offensive AI is beginning to thrive: Google’s Threat Intelligence group has tracked new and maturing AI-fueled attack methods including AI tools that can bypass safety guardrails, generate malicious scripts, and automatically evade detection. Anthropic has observed what it calls the first known use of AI-based orchestration to stitch together different pieces of malware to perform network reconnaissance, discover vulnerabilities, move laterally across a target network, and harvest data.
This AI orchestration can happen at a speed and scale that could easily overwhelm manual detection and remediation methods. These are new attacks in every sense of the word and use the automation and intelligence of a machine learning algorithm to subvert digital defenses.
These attacks are just the beginning of how AI can be used to bypass traditional security protections. While the history of credential compromise goes back decades, what is new is the level of scale that can be accomplished with just a few AI prompts and how that can leverage AI-powered harvesting to collect a huge amount of stolen data.
This is just one way bad actors use AI. This Cloud Security Alliance report from June 2025 lists more than 70 different ways that autonomous AI-based agents can be used to attack enterprise systems, and demonstrates how these agents significantly expand the attack surface beyond traditional trust boundaries and security practices.
Truly, nothing is safe any longer, and we are firmly now in the era of zero trust. Since the term was first coined by John Kindervag in 2009 when he was at Forrester Research, it has blossomed into an almost universal set of circumstances. The difference with today’s networks is that SOC analysts also can’t take anything for granted, and have to become more effective at finding and stopping attacks no matter where they originate.
Why NDR matters against AI-powered attacks
As organizations search for better ways to defend new AI threats, they are turning to network visibility to understand how these techniques can be useful as a defensive mechanism.
Unlike legacy solutions that focus on blocking known traffic signatures or rely on manual investigation, network detection & response (NDR) systems continuously monitor and analyze network data, provide real-time insight to detect fast-moving, deceptive AI-based threats and automatically identify abnormal data transfers and network traffic patterns. These systems augment simple network visibility with real-time analytics.
Corelight Investigator Dashboard
... continue reading