Thursday, March 13, 2025


AI vs. endpoint attacks: What security leaders must know to stay ahead

This article is part of VentureBeat's special issue, "The cyber resilience playbook: Navigating the new era of threats." Read more from this special issue here.

Enterprises run the very real risk of losing the AI arms race to adversaries who weaponize large language models (LLMs) and create fraudulent bots to automate attacks.

Trading on the trust placed in legitimate tools, adversaries are using generative AI to create malware that leaves no unique file signature and instead relies on fileless execution (in-memory payloads launched through signed, already-installed binaries), which signature-based detection frequently misses. Gen AI is also widely used to build large-scale automated phishing campaigns and to automate social engineering, with attackers seeking to exploit human weaknesses at scale.

Gartner points out in its latest Magic Quadrant for Endpoint Protection Platforms that "leaders in the endpoint protection market are prioritizing integrated security solutions that unify endpoint detection and response (EDR), extended detection and response (XDR) and identity protection into a single platform. This shift allows security teams to reduce complexity while improving threat visibility."

The result? A more complex threat landscape moving at machine speed while enterprise defenders rely on outdated tools and technologies designed for a different era.

The scale of these attacks is staggering. Zscaler's ThreatLabz reported a nearly 60% year-over-year increase in global phishing attacks, and attributes this rise partly to the proliferation of gen AI-driven schemes. Likewise, Ivanti's 2024 State of Cybersecurity Report found that 74% of businesses are already seeing the impact of AI-powered threats. And 9 in 10 executives said they believe that AI-powered threats are just getting started.

"If you've got adversaries breaking out in two minutes, and it takes you a day to ingest data and another day to run a search, how can you possibly hope to keep up?" Elia Zaitsev, CTO of CrowdStrike, noted in a recent interview with VentureBeat.

The new cyber arms race: Adversarial AI vs. defensive AI on the endpoint

Adversaries, especially cybercrime syndicates and nation-state actors, are refining their tradecraft with AI, adding to their arsenals faster than any enterprise can keep up. Gen AI has democratized how adversaries, from lone attackers to large-scale cyberwar operations, can create new weapons.

"Even if you're not an expert, gen AI can create scripts or phishing emails on your behalf," George Kurtz, CrowdStrike CEO and founder, said in an interview with CNBC at the recent World Economic Forum. "It's never been easier for adversaries. But the good news is, if we properly harness AI on the defensive side, we have a huge opportunity to stay ahead."


As Gartner advises: "AI-enhanced security tools should be viewed as force multipliers rather than standalone replacements for traditional security measures. Organizations must ensure that AI-driven solutions integrate effectively with human decision-making to mitigate risks."

Etay Maor, chief security strategist at Cato Networks, told VentureBeat that "adversaries aren't just using AI to automate attacks — they're using it to blend into normal network traffic, making them harder to detect. The real challenge is that AI-powered attacks aren't a single event; they're a continuous process of reconnaissance, evasion and adaptation."

Cato outlined in its 2024 business highlights how it expanded its secure access service edge (SASE) cloud platform five times in the last year, introducing Cato XDR, Cato endpoint protection platform (EPP), Cato managed SASE, Cato digital experience monitoring (DEM) and Cato IoT/OT Security, all of which aim to streamline and unify security functions under one platform. "We're not just taking share," said Shlomo Kramer, Cato co-founder and CEO. "We're redefining how organizations connect and secure their operations, as AI and cloud transform the security landscape."

Unifying endpoints and identities is the future of zero trust. Adversaries are quick to capitalize on unchecked agent sprawl, which becomes harder to manage as dozens of identities (user, service and machine credentials) become integral to each endpoint. Using AI to automate reconnaissance at scale, adversaries have the upper hand.

All these factors, taken together, set the stage for a new era of AI-powered endpoint security.

AI-powered endpoint security ushers in a new era of unified defense

Legacy approaches to endpoint security (interdomain trust relationships, assumed trust, perimeter-based security designs, to name a few) are no longer enough. If any network's security is based on assumed or implied trust, it is as good as breached already.

Likewise, relying on static defenses, including signature-based antivirus, perimeter firewalls or, worse, endpoints with dozens of agents loaded on them, leaves an organization almost as exposed as if it had no cyber defense strategy at all.

Gartner observes that: "Identity theft, phishing and data exfiltration are workspace security risks that require further consideration. To address these issues, organizations need a holistic workspace security strategy that places the worker at the center of security and integrates security across device, email, identity, data and application access controls."


Daren Goeson, SVP of unified endpoint management at Ivanti, underscored the growing challenge. "Laptops, desktops, smartphones and IoT devices are essential to modern business, but their expanding numbers create more opportunities for attackers," he said. "An unpatched vulnerability or outdated software can open the door to serious security risks. But as their numbers grow, so do the opportunities for attackers to exploit them."

To mitigate risks, Goeson emphasizes the importance of centralized security and AI-powered endpoint management. "AI-powered security tools can analyze vast amounts of data, detecting anomalies and predicting threats faster and more accurately than human analysts," he said.

Vineet Arora, CTO at WinWire, agreed: "AI tools excel at rapidly analyzing massive data across logs, endpoints and network traffic, recognizing subtle patterns early. They refine their understanding over time — automatically quarantining suspicious activities before significant damage can spread."

Gartner's recognition of Cato Networks as a Leader in the 2024 Magic Quadrant for Single-Vendor SASE further underscores this industry shift. By delivering networking and security capabilities through a single cloud-based platform, Cato enables organizations to address endpoint threats, identity protection and network security in a unified manner, which is critical in an era when adversaries exploit any gap in visibility.

Integrating AI, UEM and zero trust

Experts agree that AI-powered automation enhances threat detection, reducing response times and minimizing security gaps. By integrating AI with unified endpoint management (UEM), businesses gain real-time visibility across devices, users and networks, proactively identifying security gaps before they can be exploited.

By proactively preventing problems, "the strain on IT support is also minimized and employee downtime is drastically reduced," said Ivanti's field CISO Mike Riemer.

Arora added that, while AI can automate routine tasks and highlight anomalies, "human analysts are essential for complex decisions that require business context — AI should be a force multiplier, not a standalone replacement."

To counter these threats, more organizations are relying on AI to strengthen their zero-trust security frameworks. Zero trust means that systems continuously verify every access request, re-checking device posture and identity signals on each request rather than once at login, while AI actively detects, investigates and, if necessary, neutralizes each threat in real time. Advanced security platforms integrate EDR, XDR and identity protection into a single, intelligent defense system.
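To make "continuously verify every access request" concrete, here is an added example (not code from the article, from Ivanti, Cato or any other vendor mentioned) of a per-request policy check that combines device posture and identity signals. The field names, thresholds and the three sample requests are assumptions constructed for the illustration; the point is that the same session is re-evaluated on every request, so a device whose EDR agent has just been stopped is denied even though the user authenticated minutes earlier.

```python
"""Per-request zero-trust policy evaluation combining device posture and identity.

Added illustration, not code from the article or any vendor product. All field
names, thresholds and the sample requests in demo() are assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class DevicePosture:
    edr_agent_healthy: bool   # assumed signal from the endpoint agent
    disk_encrypted: bool
    patch_age_days: int


@dataclass
class IdentitySession:
    user: str
    mfa_verified_at: datetime
    risk_score: int           # 0-100, higher = riskier (assumed scale)
    last_seen_country: str


@dataclass
class AccessRequest:
    user: str
    resource: str
    sensitivity: str          # "low" or "high" (assumed classification)
    source_country: str
    at: datetime


@dataclass
class Decision:
    allow: bool
    step_up: bool = False     # allow, but force a fresh MFA challenge first
    reasons: list = field(default_factory=list)


MFA_MAX_AGE = timedelta(hours=8)
PATCH_MAX_AGE_DAYS = 30
RISK_DENY = 80
RISK_STEP_UP = 50


def evaluate_access(req: AccessRequest, posture: DevicePosture,
                    session: IdentitySession) -> Decision:
    """Evaluate one request. Called for every request, never cached per session."""
    reasons = []
    # Hard denials: an unhealthy agent or a high-risk identity ends the request
    # regardless of how recently the user logged in.
    if not posture.edr_agent_healthy:
        reasons.append("edr_agent_unhealthy")
    if session.risk_score >= RISK_DENY:
        reasons.append("identity_risk_high")
    if req.sensitivity == "high" and not posture.disk_encrypted:
        reasons.append("unencrypted_device_for_sensitive_resource")
    if reasons:
        return Decision(False, False, reasons)

    # Soft signals: still allowed, but only after a fresh MFA challenge.
    step_up = False
    if req.at - session.mfa_verified_at > MFA_MAX_AGE:
        reasons.append("mfa_stale")
        step_up = True
    if req.source_country != session.last_seen_country:
        reasons.append("location_changed")
        step_up = True
    if session.risk_score >= RISK_STEP_UP:
        reasons.append("identity_risk_elevated")
        step_up = True
    if req.sensitivity == "high" and posture.patch_age_days > PATCH_MAX_AGE_DAYS:
        reasons.append("patch_overdue")
        step_up = True
    return Decision(True, step_up, reasons)


def demo():
    """Three requests in one session; constructed input for the example."""
    t0 = datetime(2025, 3, 13, 9, 0, tzinfo=timezone.utc)
    session = IdentitySession("alice", mfa_verified_at=t0 - timedelta(hours=1),
                              risk_score=10, last_seen_country="US")
    healthy = DevicePosture(edr_agent_healthy=True, disk_encrypted=True, patch_age_days=5)

    # 1. Healthy device, fresh MFA, sensitive resource: allowed outright.
    d1 = evaluate_access(AccessRequest("alice", "payroll-db", "high", "US", t0),
                         healthy, session)
    # 2. One minute later the EDR agent has been stopped: denied, same session.
    degraded = DevicePosture(edr_agent_healthy=False, disk_encrypted=True, patch_age_days=5)
    d2 = evaluate_access(AccessRequest("alice", "payroll-db", "high", "US",
                                       t0 + timedelta(minutes=1)), degraded, session)
    # 3. Hours later from a new country with stale MFA: allowed only after step-up.
    d3 = evaluate_access(AccessRequest("alice", "wiki", "low", "DE",
                                       t0 + timedelta(hours=9)), healthy, session)
    return d1, d2, d3


if __name__ == "__main__":
    for d in demo():
        print(d)
```

The split between hard denials and step-up signals is the design choice worth copying: a stopped EDR agent is not a reason to ask for another MFA push (the attacker on the box would simply approve it), it is a reason to stop serving the device until the agent is back.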

"When combined with AI, UEM solutions become even more powerful," said Goeson. "AI-powered endpoint security tools analyze vast datasets to detect anomalies and predict threats faster and more accurately than human analysts. With full visibility across devices, users and networks, these tools proactively identify and close security gaps before they can be exploited."

AI-powered platforms and the growing demand for XDR solutions

Nearly all cybersecurity vendors are fast-tracking AI and gen AI-related initiatives in their DevOps cycles and across their roadmaps. The goal is to enhance threat detection and incident response, reduce false positives and create platforms capable of scaling out with full XDR functionality. Vendors in this space include BlackBerry, Bitdefender, Cato Networks, Cisco, CrowdStrike, Deep Instinct, ESET, Fortinet, Ivanti, SentinelOne, Sophos, Trend Micro and Zscaler.


Cisco is also pushing a platform-first approach, embedding AI into its security ecosystem. "Security is a data game," Jeetu Patel, EVP at Cisco, told VentureBeat. "If there's a platform that only does email, that's interesting. But if there's a platform that does email and correlates that to the endpoint, to the network packets and the web, that's much more valuable."

Nearly every organization interviewed by VentureBeat values XDR for unifying security telemetry across endpoints, networks, identities and clouds. XDR enhances threat detection by correlating alerts from those separate sources into a single incident keyed on the shared user or host, which boosts efficiency and reduces alert fatigue: an analyst triages one corroborated incident instead of several low-severity alerts from different consoles.
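The correlation step is the part of XDR that actually removes alerts from the queue, so here is an added example of the core logic (not code from the article or from any vendor's XDR product). The alert records, the asset inventory that maps IP addresses to hostnames, the 30-minute window and the severity bonus per corroborating source are all constructed assumptions. Alerts that share a user or host within the window are merged with a union-find, and an incident's severity rises with the number of independent telemetry sources that agree.

```python
"""Cross-source alert correlation in the spirit of XDR.

Added example, not code from the article or any vendor's product. The alert
format, the asset inventory, the time window and the sample alerts are all
constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)

# Constructed asset inventory: lets network alerts (keyed by IP) join endpoint
# alerts (keyed by hostname). In practice this comes from CMDB/DHCP/agent data.
ASSETS = {"10.0.4.21": "LAPTOP-ALICE", "10.0.4.88": "WS-BOB"}

# Constructed sample alerts from three telemetry sources, as a SOC might see them.
RAW_ALERTS = [
    {"ts": "2025-03-13T09:02:10", "src": "identity", "user": "alice",
     "desc": "impossible travel login", "sev": 2},
    {"ts": "2025-03-13T09:05:41", "src": "endpoint", "host": "LAPTOP-ALICE", "user": "alice",
     "desc": "powershell spawned from outlook.exe", "sev": 3},
    {"ts": "2025-03-13T09:06:02", "src": "network", "ip": "10.0.4.21",
     "desc": "DNS query to newly registered domain", "sev": 1},
    {"ts": "2025-03-13T09:07:30", "src": "endpoint", "host": "LAPTOP-ALICE", "user": "alice",
     "desc": "LSASS memory read", "sev": 4},
    {"ts": "2025-03-13T11:40:00", "src": "network", "ip": "10.0.4.88",
     "desc": "port scan to 10.0.0.0/16", "sev": 2},
    {"ts": "2025-03-13T14:15:00", "src": "identity", "user": "bob",
     "desc": "MFA fatigue: 6 pushes denied", "sev": 2},
    {"ts": "2025-03-13T14:16:30", "src": "endpoint", "host": "WS-BOB", "user": "bob",
     "desc": "new scheduled task created", "sev": 2},
]


def entities(alert):
    """Normalise an alert to the (kind, value) entities it can be joined on."""
    ents = set()
    if "user" in alert:
        ents.add(("user", alert["user"]))
    if "host" in alert:
        ents.add(("host", alert["host"]))
    if "ip" in alert:
        ents.add(("host", ASSETS.get(alert["ip"], alert["ip"])))
    return ents


def correlate(alerts, window=WINDOW):
    """Merge alerts sharing an entity within `window` of each other into incidents."""
    alerts = sorted(alerts, key=lambda a: a["ts"])  # ISO timestamps sort lexically
    parent = list(range(len(alerts)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    def union(i, j):
        parent[find(i)] = find(j)

    ents = [entities(a) for a in alerts]
    times = [datetime.fromisoformat(a["ts"]) for a in alerts]
    for i in range(len(alerts)):
        for j in range(i + 1, len(alerts)):
            if times[j] - times[i] > window:
                break  # sorted, so every later alert is even further away
            if ents[i] & ents[j]:
                union(i, j)

    groups = defaultdict(list)
    for i, a in enumerate(alerts):
        groups[find(i)].append(a)  # members stay in time order

    incidents = []
    for members in groups.values():
        sources = {m["src"] for m in members}
        linked = set().union(*(entities(m) for m in members))
        incidents.append({
            "start": members[0]["ts"],
            "alerts": len(members),
            "sources": sorted(sources),
            "entities": sorted(linked),
            # Corroboration bonus: each extra independent source raises severity.
            "severity": max(m["sev"] for m in members) + len(sources) - 1,
            "titles": [m["desc"] for m in members],
        })
    return sorted(incidents, key=lambda inc: inc["start"])


if __name__ == "__main__":
    for inc in correlate(RAW_ALERTS):
        print(inc)
```

On the constructed input, seven alerts collapse to three incidents: the four alice/LAPTOP-ALICE alerts become one incident corroborated by endpoint, identity and network telemetry (severity 6), the lone port scan from WS-BOB stays a single low-priority incident because bob's alerts arrive hours later, and the MFA-fatigue plus scheduled-task pair becomes a two-source incident. The IP-to-host join is what lets the network alert participate at all; without an asset inventory, network telemetry never correlates with endpoint or identity data.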

Riemer highlighted AI's defensive shift: "For years, attackers have been using AI to their advantage. However, 2025 will mark a turning point as defenders begin to harness the full potential of AI for cybersecurity purposes."

Riemer noted that AI-driven endpoint security is shifting from reactive to proactive. "AI is already transforming how security teams detect early warning signs of attacks. AI-powered security tools can recognize patterns of device underperformance and automate diagnostics before an issue impacts the business — all with minimal employee downtime and no IT support required."

Arora emphasized: "It's also critical for CISOs to assess data handling, privacy and the transparency of AI decision-making before adopting such tools — ensuring they fit both the organization's compliance requirements and its security strategy."

Cato's 2024 rollouts exemplify how advanced SASE platforms integrate threat detection, user access controls and IoT/OT security in a single service. This consolidation reduces complexity for security teams and supports a true zero-trust approach, ensuring continuous verification across devices and networks.

Conclusion: Embracing AI-driven security for a new era of threats

Adversaries are moving at machine speed, weaponizing gen AI to create sophisticated malware, launch targeted phishing campaigns and circumvent traditional defenses. The takeaway is clear: Legacy endpoint security and patchwork solutions aren't enough to protect against threats designed to outmaneuver static defenses.

Enterprises must embrace an AI-first strategy that unifies endpoint, identity and network security within a zero-trust framework. AI-powered platforms built on real-time telemetry, XDR capabilities and predictive intelligence are the key to detecting and mitigating evolving threats before they lead to a full-blown breach.

As Kramer put it, "The era of cobbled-together security solutions is over." Organizations choosing a SASE platform are positioning themselves to proactively combat AI-driven threats. Cato, among other leading providers, underscores that a unified, cloud-native approach marrying AI with zero-trust principles will be pivotal in safeguarding enterprises from the next wave of cyber onslaughts.
