Sophos X-Ops has published analysis of a post-exploitation framework in which AI agents did most of the labor of building and tuning malware to slip past endpoint detection and response (EDR). The framework was recovered from a threat actor that Sophos links to active ransomware and data-theft operations affecting organizations globally, including in the United States. The vendor did not name the group.
This is not a vulnerability, and there is no patch. It is a working example of an attacker industrializing the part of intrusion development that used to be slow, manual, and dependent on scarce skills — turning EDR evasion into a batch job.
What Sophos found
The core of the framework is a Python generator that produces payloads — mostly in Rust and Go — each implementing a specific evasion technique. The notable part is how those techniques were sourced. AI agents were pointed at public security research (Sophos cites blogs from vendors including Kaspersky and Palo Alto Networks), told to extract the techniques, map them to MITRE ATT&CK, identify the steps and tooling to reproduce each one, stand up a lab environment, execute the technique, and report results.
According to Sophos, a Claude Opus 4.5 agent coordinated the operation and set rules for subordinate agents, which handled EDR testing, documentation, OPSEC hardening, proxy stress-testing, and VM deployment. The reporting indicates Cursor was used in the development loop as well. Close to 80 modules were generated and tested against more than 70 techniques, with payloads exercised in virtual environments against EDR from Sophos, CrowdStrike, and Microsoft.
Other artifacts in the recovered directory point to a full intrusion kit, not just an evasion test bench:
- Cobalt Strike profiles crafted to make beacon traffic resemble legitimate web requests.
- A Telegram Bot API–based C2 channel that routes operator communication through Telegram’s infrastructure instead of direct attacker connections, blending in with normal outbound traffic.
- Shellcode-injection scripts that load into legitimate Windows executables while preserving the host program’s original functionality.
- An automated Active Directory discovery panel that drives recon by collecting observations from completed tasks and selecting the next action, delegating steps to remote agents and reassessing results.
Why it matters
The takeaway is not that AI invented new attacks — Sophos is explicit that these are known techniques. It is the collapse in cost and time. Generating, lab-testing, and iterating ~80 evasion variants against three major EDR products is the kind of work that historically gated capable operators. Automating it means a mid-tier crew can produce a steady stream of fresh, individually tuned payloads, shortening the window in which any single static signature or behavioral rule stays effective.
For defenders, the practical risk is volume and variation: more unique samples, each tuned against the specific EDR you run, with C2 deliberately shaped to look like ordinary web and Telegram traffic.
What to do now
There is no IOC list that fixes this, because the payloads are designed to be disposable. Focus on the parts of the kill chain that don’t change:
- Don’t rely on EDR alone. Assume some payloads will evade it. Layer network egress controls, application allow-listing, and identity-based detection behind the endpoint.
- Hunt the C2 patterns, not the binaries. Telegram Bot API traffic (api.telegram.org) from servers and workstations that have no business talking to it is a strong signal. Inspect for Cobalt Strike beacon characteristics even when the profile mimics normal web requests.
- Constrain AD reconnaissance. Tighten and monitor LDAP/SAMR enumeration, deploy honey accounts and tiered admin, and alert on bulk directory queries from non-admin hosts.
- Watch for shellcode in trusted processes. Memory-injection into legitimate signed binaries is the evasion centerpiece — prioritize behavioral detections that catch injection regardless of the host executable.
- Validate your own EDR. The actor tested against Sophos, CrowdStrike, and Microsoft. Run adversary-emulation exercises against your stack rather than trusting vendor defaults.
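As an added illustration of the "hunt the C2 patterns" item above (example code written for this summary, not from Sophos or the recovered framework): a small hunt over constructed proxy log lines that flags hosts contacting api.telegram.org without an approved business reason and summarises their request cadence, since Bot API polling from an implant tends to be regular. The log format, host names and the approved-host list are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log, one request per line (not real telemetry):
# "<ISO timestamp> <source host> <destination host> <request path>"
# Telegram Bot API paths have the form /bot<token>/<method>; the token is a placeholder.
SAMPLE_LOG = """\
2024-05-01T10:00:00 ws-finance-12 api.telegram.org /bot<token>/getUpdates
2024-05-01T10:00:30 ws-finance-12 api.telegram.org /bot<token>/getUpdates
2024-05-01T10:01:00 ws-finance-12 api.telegram.org /bot<token>/sendMessage
2024-05-01T10:01:30 ws-finance-12 api.telegram.org /bot<token>/getUpdates
2024-05-01T10:00:05 srv-file-01 update.example.com /catalog.xml
2024-05-01T10:02:00 srv-app-07 api.telegram.org /bot<token>/getUpdates
2024-05-01T10:02:11 marketing-bot-01 api.telegram.org /bot<token>/sendMessage
"""

# Assumed allowlist: hosts with a documented reason to talk to the Bot API.
APPROVED_TELEGRAM_HOSTS = {"marketing-bot-01"}
TELEGRAM_API = "api.telegram.org"
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<path>\S+)$")


def parse_line(line):
    """Parse one log line; return None for malformed lines so the hunt keeps going."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"],
            "dst": m["dst"].lower(), "path": m["path"]}


def find_suspect_telegram_clients(log_text, approved):
    """Per-host summary of Bot API contact from hosts that are not on the allowlist."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["dst"] == TELEGRAM_API and rec["src"] not in approved:
            hits[rec["src"]].append(rec)
    report = {}
    for host, recs in hits.items():
        recs.sort(key=lambda r: r["ts"])
        # Gaps between consecutive requests: a steady interval suggests implant polling.
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(recs, recs[1:])]
        report[host] = {
            "requests": len(recs),
            "methods": sorted({r["path"].rsplit("/", 1)[-1] for r in recs}),
            "mean_interval_s": (sum(gaps) / len(gaps)) if gaps else None,
        }
    return report


if __name__ == "__main__":
    for host, summary in find_suspect_telegram_clients(SAMPLE_LOG, APPROVED_TELEGRAM_HOSTS).items():
        print(host, summary)
```

On the constructed sample, ws-finance-12 is reported with four requests at a 30 s cadence and srv-app-07 with a single request, while the allowlisted marketing host is ignored.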
Sophos’ full write-up, “Pointing a Cursor at evading detection,” documents the framework and the agent orchestration. It is worth reading in full for blue teams building detection strategy, with the understanding that the underlying techniques — not the specific samples — are the durable threat.
Sources
- Sophos X-Ops: Pointing a Cursor at evading detection
- BleepingComputer: AI-built ransomware toolkit automates EDR evasion, AD discovery
- Help Net Security: Sophos uncovers AI-powered malware lab built for EDR evasion
- SC Media: AI accelerates development of ransomware toolkit with EDR evasion capabilities