惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

aimingoo的专栏
aimingoo的专栏
V
V2EX
G
Google Developers Blog
F
Full Disclosure
Martin Fowler
Martin Fowler
宝玉的分享
宝玉的分享
H
Hacker News: Front Page
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
NISL@THU
NISL@THU
G
GRAHAM CLULEY
V
Vulnerabilities – Threatpost
Hacker News - Newest:
Hacker News - Newest: "LLM"
A
About on SuperTechFans
The Cloudflare Blog
C
Cisco Blogs
D
DataBreaches.Net
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Vercel News
Vercel News
P
Privacy International News Feed
Microsoft Security Blog
Microsoft Security Blog
Help Net Security
Help Net Security
Recorded Future
Recorded Future
PCI Perspectives
PCI Perspectives
S
Schneier on Security
AI
AI
N
News | PayPal Newsroom
雷峰网
雷峰网
C
Cyber Attacks, Cyber Crime and Cyber Security
P
Proofpoint News Feed
The Last Watchdog
The Last Watchdog
L
LINUX DO - 最新话题
Hugging Face - Blog
Hugging Face - Blog
Apple Machine Learning Research
Apple Machine Learning Research
Schneier on Security
Schneier on Security
S
Securelist
云风的 BLOG
云风的 BLOG
Stack Overflow Blog
Stack Overflow Blog
博客园_首页
AWS News Blog
AWS News Blog
TaoSecurity Blog
TaoSecurity Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Recent Commits to openclaw:main
Recent Commits to openclaw:main
博客园 - 三生石上(FineUI控件)
C
CXSECURITY Database RSS Feed - CXSecurity.com
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Cloudbric
Cloudbric
C
Cybersecurity and Infrastructure Security Agency CISA
Project Zero
Project Zero
C
Check Point Blog
S
Security Affairs

Vectra AI Blog

Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Why You Need an NDR to Protect Your Modern Network Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI named in Gartner hype cycle for security operations 2025 Vectra AI Vectra AI Vectra AI How Sanofi Detected and Stopped a Cyberattack How MITRE ATLAS Helps Detect LLM Attacks in Cloud AI Detecting Iranian APT identity attacks across hybrid environments Vectra AI Vectra AI Vectra AI Breaking down the axios supply chain incident Vectra AI Vectra AI Who’s Doing What on Your Network? FortiClient EMS Zero-Day: When the Control Plane Becomes Initial Access Detecting Compromise After the Axios Supply Chain Attack. Vectra AI Vectra AI Vectra AI AI Is Now the Attack Surface: Why Your Security Stack Must Adapt Fast Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI How attackers use Brute Ratel (BRC4) Vectra AI Vectra AI Vectra AI The Cutting Edge: AI’s Inevitable Rise in Offensive Security Vectra AI Vectra AI Is AI the Right Tool to Defend Against Modern Cyberattacks? Vectra AI Vectra AI Turns Out Network Security Is Cool Again – and It’s Called NDR Vectra AI Vectra AI Vectra AI Choosing the Right NDR: Gartner’s 5 Questions Every Security Buyer Should Be Asking Vectra AI Vectra AI Named a Leader and Outperformer in the 2025 GigaOm Radar Report for Identity Threat Detection and Response (ITDR) Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI You Have the Right Tools. So Why Are Attackers Still Getting In? Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Challenges in Microsoft Log Monitoring: Insights for Your SOC Vectra AI Platform Visualizes Multi-domain Modern Attacks with Attack Graphs Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Gartner Security and Risk Conference – Chaos meets Opportunity Vectra AI Named a Leader and Outperformer in the 2025 GigaOm Radar Report for Network Detection and Response (NDR) Presenting the 2025 Vectra AI Scholars Simplify Threat Investigation and Hunting with Pre-built Queries in Vectra Investigate The 2025 Gartner® Magic Quadrant™ for Network Detection and Response (NDR) - Why Vectra AI Stands Tall Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI How Black Basta Turned Public Data into a Breach Playbook Play’s New Tactics Bypass Traditional Defenses. Are You Ready? Charting a New Era of Network Security: Vectra AI at the Forefront Unlocking Operational Efficiency: How Vectra AI Drives 40% Gains in SOC Performance and 391% ROI Identity-Centric Attacks: The New Reality for UK Retail CISA Flags Fast Flux as a National Threat: Are You Covered? AI Agents: What Do They Mean in Cybersecurity?
Vectra AI
Zoey Chu · 2026-02-18 · via Vectra AI Blog

From ransomware kits that anyone can generate with a prompt, to fake employees infiltrating Fortune 500 companies, to extortion campaigns run entirely by AI coding agents, attackers are no longer bound by skill or scale. Anthropic’s latest threat intelligence report shows how AI has become the ultimate force multiplier for cybercrime — compressing attacker timelines from weeks to hours and helping even low-skilled actors evade traditional defenses.

The result? A widening security gap. While most organizations are still relying on prevention tools to stop yesterday’s attacks, adversaries are using AI to bypass those layers entirely.

What the Anthropic report uncovered

1. Agentic AI systems are being weaponized

One of the most striking findings in the Anthropic report is how AI models are no longer passive advisors — they are active operators inside the attack chain.

In what researchers called the vibe hacking campaign, a single criminal used an AI coding agent to launch and scale a data extortion spree. Instead of merely suggesting commands, the AI executed them directly:

  • Automated reconnaissance: The AI scanned thousands of VPN endpoints, identifying weak spots at scale.
  • Credential harvesting and lateral movement: It systematically extracted login credentials, enumerated Active Directory environments, and escalated privileges to move deeper into victim networks.
  • Custom malware creation: When detection occurred, the AI generated obfuscated malware variants, disguised as legitimate Microsoft executables, to bypass defenses.
  • Data exfiltration and ransom orchestration: The AI extracted sensitive financial, healthcare, and government records, then analyzed them to set ransom demands and craft psychologically targeted ransom notes that threatened reputational and regulatory exposure.

Screenshot of customized ransom notes auto-generated by AI

Screenshot of customized ransom notes auto-generated by AI from Anthropic's report

Seventeen organizations — including government agencies, healthcare providers, and emergency services — were hit in just one month. Ransom demands ranged from $75,000 to over $500,000, with each note tailored to maximize pressure on the victim.

This represents a fundamental shift in attacker economics:

  • A lone actor, armed with an agentic AI, can now deliver the same impact as a coordinated cybercrime group.
  • Operations that once required weeks of planning and technical expertise can be compressed into hours with AI doing the heavy lifting.
  • The assumption that “sophisticated attacks require sophisticated adversaries” no longer holds true.

2. AI lowers the barriers to sophisticated cybercrime

Another key theme from the Anthropic report is how AI makes advanced attack techniques accessible to people with little or no technical skill.

Traditionally, building ransomware required deep knowledge of cryptography, Windows internals, and stealth techniques. In this case, however, a UK-based threat actor with limited technical ability built and sold fully functional ransomware-as-a-service (RaaS) packages using AI coding assistance.

  • No technical expertise required: The actor leaned on AI to implement ChaCha20 encryption, RSA key management, and Windows API calls — capabilities far beyond their personal skill level.
  • Built-in evasion: AI helped the actor integrate anti-EDR bypass techniques like syscall manipulation (FreshyCalls, RecycledGate), string obfuscation, and anti-debugging.
  • Professional packaging: The ransomware was marketed in polished service tiers — from $400 DLL/executable kits to $1,200 full crypter bundles with PHP consoles and Tor-based C2 infrastructure.
  • Commercial scale: Despite their dependency on AI, the operator distributed malware on criminal forums, offering “research-only” disclaimers while actively selling to less skilled cybercriminals.

Screenshot of Dark web forum post advertising ransomware-for-sale from Anthropic's report

This example illustrates how AI is democratizing access to sophisticated cybercrime:

  • Complex malware development is no longer limited to highly skilled developers — anyone with intent and access to AI can create viable ransomware.
  • The barriers of time, training, and expertise have been removed, opening the market to a wider pool of malicious actors.
  • By lowering the bar, AI dramatically increases the volume and variety of ransomware attacks that organizations may face.

3. Cybercriminals are embedding AI throughout their operations

The Anthropic report shows that cybercriminals aren’t just using AI for single tasks — they are weaving it into the fabric of their daily operations.

A clear example comes from North Korean operatives posing as software developers at Western technology companies. In this scheme, AI played a role at every stage of the operation:

  • Persona creation: Operatives used AI to generate professional resumes, craft convincing technical portfolios, and build career narratives that could withstand scrutiny.
  • Application & interview: AI tailored cover letters to job postings, prepared operators for technical interviews, and even provided real-time assistance during coding assessments.
  • Employment maintenance: Once hired, operatives relied on AI to deliver code, respond to pull requests, and communicate with teammates in fluent professional English — masking both technical and cultural gaps.
  • Revenue generation: With AI providing the skills they lacked, these operatives were able to hold multiple jobs at once, funneling salaries directly into North Korea’s weapons program.

Examples of questions the APT member would ask Claude - from Anthopic's report

Examples of questions the APT member would ask Claude - from Anthopic's report

This is more than fraud — it’s AI as an operational backbone:

  • Technical competence is no longer a prerequisite to access high-paying jobs in sensitive industries.
  • AI allows malicious insiders to maintain long-term positions, extracting steady income and intellectual property.
  • State-sponsored groups can scale their reach without scaling training programs, AI replaces years of technical education with real-time, on-demand skills.

4. AI is being used for all stages of fraud operations

Fraud has always been about scale, speed, and deception — and AI now amplifies all three. The Anthropic report reveals how criminals are applying AI end-to-end across the fraud supply chain, transforming isolated scams into resilient, industrialized ecosystems.

  • Data analysis and victim profiling: Criminals used AI to parse massive stealer log dumps, categorize victims by online behavior, and build detailed profiles. This turns raw stolen data into actionable intelligence, allowing precise targeting.
  • Infrastructure development: Actors built AI-powered carding platforms with automated API switching, failover mechanisms, and intelligent throttling to avoid detection. These platforms operated at an enterprise level, validating and reselling stolen credit cards at scale.
  • Identity fabrication: AI was leveraged to generate synthetic identities complete with plausible personal data, enabling fraudsters to bypass banking and credit checks with little effort .
  • Emotional manipulation: In romance scams, AI-generated chatbots produced fluent, emotionally intelligent responses in multiple languages, enabling non-native speakers to engage victims convincingly and at scale .

Illustration of threat actor using Model Context Protocol (MCP) to analyze stealer logs and profile victims.

Illustration of threat actor using Model Context Protocol (MCP) to analyze stealer logs and profile victims - from Anthopic's report

AI is no longer just assisting fraud — it’s orchestrating it:

  • Criminals can automate every stage of the operation, from harvesting data to monetizing it.
  • Fraud campaigns become more scalable, more adaptive, and harder for victims (or banks) to spot.
  • Even low-skill actors can spin up fraud services that look and feel like professional platforms.

The widening Security Gap

What this report makes clear is that AI isn’t just making attackers smarter — it’s making them faster and more elusive. And that speed is exposing the gaps in today’s security stacks.

  1. Traditional tools can’t keep pace. Endpoint defenses, MFA, and email security are being sidestepped, not broken. Attackers use AI to go around these controls — by crafting new malware variants, generating phishing lures, or simulating employees who look legitimate.
  2. Timelines are compressed. A single operator with AI can do the work of a full team — reconnaissance, lateral movement, and extortion now happen in hours instead of weeks.
  3. Complexity ≠ sophistication anymore. AI lets even unskilled actors generate advanced ransomware, build synthetic identities, or run large-scale fraud schemes. The link between technical expertise and attack complexity is broken.

This is the security gap: while prevention tools defend against known techniques, AI-empowered attackers are exploiting the blind spots in between. And unless SOC teams can see the behaviors that AI cannot mask — privilege escalation, abnormal access, lateral movement, data staging — compromise goes undetected.

Closing the Gap with Vectra AI

For business leaders, the takeaway is simple: if attackers are using AI to scale compromise, your SOC needs AI to scale detection and response. That’s where Vectra AI delivers measurable value.

  • Detect what prevention misses. Whether it’s AI-generated ransomware, fraudulent employees, or stealthy data theft, Vectra AI focuses on attacker behaviors that cannot be hidden — privilege escalation, lateral movement, and data exfiltration.
  • Hybrid coverage. Attackers don’t stay in one lane. Vectra AI monitors identity systems, cloud workloads, SaaS apps, and network traffic together, closing the blind spots between siloed tools.
  • AI-driven prioritization. Just as adversaries use automation to accelerate attacks, Vectra uses AI to correlate, prioritize, and surface the most urgent threats, so your team acts on what matters first.

The business value? You reduce the risk of financial loss, regulatory fines, and reputational damage — all while giving your security team the confidence that they can detect compromise even when attackers are using AI to bypass prevention layers. > Read the IDC report on the Business Value of Vectra AI.

Ready to see how Vectra AI can help you detect what others miss? Explore our self-guided demo and experience how we close the security gap.

FAQs