This text is a part of VentureBeat’s particular concern, “The cyber resilience playbook: Navigating the brand new period of threats.” Learn extra from this particular concern right here.
Enterprises run the very actual danger of dropping the AI arms race to adversaries who weaponize giant language fashions (LLMs) and create fraudulent bots to automate assaults.
Buying and selling on the belief of authentic instruments, adversaries are utilizing generative AI to create malware that doesn’t create a novel signature however as an alternative depends on fileless execution, making the assaults usually undetectable. Gen AI is extensively getting used to create large-scale automated phishing campaigns and automate social engineering, with attackers trying to exploit human vulnerabilities at scale.
Gartner factors out in its newest Magic Quadrant for Endpoint Protection Platforms that “leaders within the endpoint safety market are prioritizing built-in safety options that unify endpoint detection and response (EDR), prolonged detection and response (XDR) and id safety right into a single platform. This shift allows safety groups to scale back complexity whereas enhancing menace visibility.”
The consequence? A extra complicated menace panorama transferring at machine pace whereas enterprise defenders depend on outdated instruments and applied sciences designed for a unique period.
The size of those assaults is staggering. Zscaler’s ThreatLabz indicated an almost 60% year-over-year improve in international phishing assaults, and attributes this rise partially to the proliferation of gen AI-driven schemes. Likewise, Ivanti’s 2024 State of Cybersecurity Report discovered that 74% of companies are already seeing the affect of AI-powered threats. And, 9 in 10 executives mentioned they imagine that AI-powered threats are simply getting began.
“If you happen to’ve bought adversaries breaking out in two minutes, and it takes you a day to ingest knowledge and one other day to run a search, how are you going to presumably hope to maintain up?” Elia Zaitsev, CTO of CrowdStrike famous in a latest interview with VentureBeat.
The brand new cyber arms race: Adversarial AI vs. defensive AI on the endpoint
Adversaries, particularly cybercrime syndicates and nation-state actors, are refining their tradecraft with AI, including to their arsenals quicker than any enterprise can sustain. Gen AI has democratized how adversaries, from rogue attackers to large-scale cyberwar operations, can create new weapons.
“Even when you’re not an knowledgeable, gen AI can create scripts or phishing emails in your behalf,” George Kurtz, CrowdStrike CEO and founder on the latest World Financial Discussion board, mentioned in an interview with CNBC. “It’s by no means been simpler for adversaries. However the excellent news is, if we correctly harness AI on the defensive facet, we’ve got an enormous alternative to remain forward.”
As Gartner advises: “AI-enhanced safety instruments ought to be seen as drive multipliers quite than standalone replacements for conventional safety measures. Organizations should be sure that AI-driven options combine successfully with human decision-making to mitigate dangers.”
Etay Maor, chief safety strategist at Cato Networks, advised VentureBeat that “adversaries will not be simply utilizing AI to automate assaults — they’re utilizing it to mix into regular community visitors, making them tougher to detect. The actual problem is that AI-powered assaults will not be a single occasion; they’re a steady technique of reconnaissance, evasion and adaptation.”
Cato outlined in its 2024 business highlights the way it expanded its safe entry service edge (SASE) cloud platform 5 occasions within the final yr, introducing Cato XDR, Cato endpoint safety platform (EPP), Cato managed SASE, Cato digital expertise monitoring (DEM) and Cato IoT/OT Safety, all of which intention to streamline and unify safety capabilities below one platform. “We’re not simply taking share,” mentioned Shlomo Kramer, Cato co-founder and CEO. “We’re redefining how organizations join and safe their operations, as AI and cloud remodel the safety panorama.”
Unifying endpoints and identities is the way forward for zero belief. Adversaries are fast to capitalize on unchecked agent sprawl, which is made extra unreliable attributable to a surge in dozens of identities’ knowledge being integral to an endpoint. Utilizing AI to automate reconnaissance at scale, adversaries have an higher hand.
All these components, taken collectively, set the stage for a brand new period of AI-powered endpoint safety.
AI-powered endpoint safety ushers in a brand new period of unified protection
Legacy approaches to endpoint safety — interdomain belief relationships, assumed belief, perimeter-based safety designs, to call a number of — are now not sufficient. If any community’s safety relies on assumed or implied belief, it’s pretty much as good as breached already.
Likewise, counting on static defenses, together with antivirus software program, perimeter firewalls or, worse, endpoints with dozens of brokers loaded on them, leaves a company simply as susceptible as if that they had no cyber protection technique in any respect.
Gartner observes that: “Identification theft, phishing and knowledge exfiltration are workspace safety dangers that require additional consideration. To deal with these points, organizations want a holistic workspace safety technique that locations the employee on the middle of safety and integrates safety throughout gadget, e-mail, id, knowledge and software entry controls.”
Daren Goeson, SVP of unified endpoint administration at Ivanti, underscored the rising problem. “Laptops, desktops, smartphones and IoT units are important to fashionable enterprise, however their increasing numbers create extra alternatives for attackers,” he mentioned. “An unpatched vulnerability or outdated software program can open the door to severe safety dangers. However as their numbers develop, so do the alternatives for attackers to use them.”
To mitigate dangers, Goeson emphasizes the significance of centralized safety and AI-powered endpoint administration. “AI-powered safety instruments can analyze huge quantities of information, detecting anomalies and predicting threats quicker and extra precisely than human analysts,” he mentioned.
Vineet Arora, CTO at WinWire, agreed: “AI instruments excel at quickly analyzing huge knowledge throughout logs, endpoints and community visitors, recognizing refined patterns early. They refine their understanding over time — robotically quarantining suspicious actions earlier than important injury can unfold.”
Gartner’s recognition of Cato Networks as a Chief within the 2024 Magic Quadrant for Single-Vendor SASE additional underscores this business shift. By delivering networking and safety capabilities via a single cloud-based platform, Cato allows organizations to handle endpoint threats, id safety and community safety in a unified method — which is crucial in an period when adversaries exploit any hole in visibility.
Integrating AI, UEM and zero-trust
Consultants agree that AI-powered automation enhances menace detection, decreasing response occasions and minimizing safety gaps. By integrating AI with unified endpoint administration (UEM), companies achieve real-time visibility throughout units, customers and networks — proactively figuring out safety gaps earlier than they are often exploited.”
By proactively stopping issues, “the pressure on IT assist can be minimized and worker downtime is drastically lowered,” mentioned Ivanti’s discipline CISO Mike Riemer.
Arora added that, whereas AI can automate routine duties and spotlight anomalies, “human analysts are crucial for complicated choices that require enterprise context — AI ought to be a drive multiplier, not a standalone alternative.”
To counter these threats, extra organizations are counting on AI to strengthen their zero-trust safety frameworks. Zero belief includes programs that constantly confirm each entry request whereas AI actively detects, investigates and, if mandatory, neutralizes every menace in actual time. Superior safety platforms combine EDR, XDR and id safety right into a single, clever protection system.
“When mixed with AI, UEM options turn out to be much more highly effective,” mentioned Goeson. “AI-powered endpoint safety instruments analyze huge datasets to detect anomalies and predict threats quicker and extra precisely than human analysts. With full visibility throughout units, customers and networks, these instruments proactively establish and shut safety gaps earlier than they are often exploited.”
AI-powered platforms and the rising demand for XDR options
Practically all cybersecurity distributors are fast-tracking AI and gen AI-related tasks of their DevOps cycles and throughout their roadmaps. The objective is to boost menace detection incident response, scale back false positives and create platforms able to scaling out with full XDR performance. Distributors on this space embrace BlackBerry, Bitdefender, Cato Networks, Cisco, CrowdStrike, Deep Intuition, ESET, Fortinet, Ivanti, SentinelOne, Sophos, Pattern Micro and Zscaler.
Cisco can be pushing a platform-first method, embedding AI into its safety ecosystem. “Safety is a knowledge sport,” Jeetu Patel, EVP at Cisco, advised VentureBeat. “If there’s a platform that solely does e-mail, that’s fascinating. But when there’s a platform that does e-mail and correlates that to the endpoint, to the community packets and the online, that’s much more invaluable.”
Practically each group interviewed by VentureBeat values XDR for unifying safety telemetry throughout endpoints, networks, identities and clouds. XDR enhances menace detection by correlating alerts, boosting effectivity and decreasing alert fatigue.
Riemer highlighted AI’s defensive shift: “For years, attackers have been using AI to their benefit. Nonetheless, 2025 will mark a turning level as defenders start to harness the complete potential of AI for cybersecurity functions.”
Riemer famous that AI-driven endpoint safety is shifting from reactive to proactive. “AI is already remodeling how safety groups detect early warning indicators of assaults. AI-powered safety instruments can acknowledge patterns of gadget underperformance and automate diagnostics earlier than a problem impacts the enterprise — all with minimal worker downtime and no IT assist required.”
Arora emphasised: “It’s additionally essential for CISOs to evaluate knowledge dealing with, privateness and the transparency of AI decision-making earlier than adopting such instruments — making certain they match each the group’s compliance necessities and its safety technique.”
Cato’s 2024 rollouts exemplify how superior SASE platforms combine menace detection, person entry controls, and IoT/OT safety in a single service. This consolidation reduces complexity for safety groups and helps a real zero-trust method, making certain steady verification throughout units and networks.
Conclusion: Embracing AI-driven safety for a brand new period of threats
Adversaries are transferring at machine pace, weaponizing gen AI to create refined malware, launch focused phishing campaigns and circumvent conventional defenses. The takeaway is evident: Legacy endpoint safety and patchwork options will not be sufficient to guard towards threats designed to outmaneuver static defenses.
Enterprises should embrace an AI-first technique that unifies endpoint, id and community safety inside a zero-trust framework. AI-powered platforms — constructed with real-time telemetry, XDR capabilities and predictive intelligence — are the important thing to detecting and mitigating evolving threats earlier than they result in a full-on breach.
As Kramer put it, “The period of cobbled-together safety options is over.” Organizations selecting a SASE platform are positioning themselves to proactively fight AI-driven threats. Cato, amongst different main suppliers, underscores {that a} unified, cloud-native method — marrying AI with zero-trust ideas — will probably be pivotal in safeguarding enterprises from the following wave of cyber onslaughts.
