HIGH
AI-Built Ransomware Toolkit Automates EDR Evasion and Active Directory Discovery
A threat actor has deployed an AI-generated ransomware attack toolkit that automates Active Directory discovery and EDR evasion — two steps that previously required significant attacker expertise. The toolkit lowers the technical floor for running targeted ransomware campaigns by packaging reconnaissance and evasion into automated workflows. This represents a concrete operational deployment of AI-generated attack tooling, not a proof-of-concept. Defenders should validate EDR telemetry coverage, monitor for anomalous AD enumeration activity, and treat AI-assisted attack tooling as an emerging baseline threat rather than a novelty.