This article is part of VentureBeat’s special issue, “The cyber resilience playbook: Navigating the new era of threats.”
Enterprises run the very real risk of losing the AI arms race to adversaries who weaponize large language models (LLMs) and create fraudulent bots to automate attacks.
Trading on the trust of legitimate tools, adversaries are using generative AI to create malware that doesn’t create a unique signature but instead relies on fileless execution, making the attacks often undetectable. Gen AI is widely being used to create large-scale automated phishing campaigns and automate social engineering, with attackers looking to exploit human vulnerabilities at scale.
Gartner points out in its latest Magic Quadrant for Endpoint Protection Platforms that “leaders in the endpoint protection market are prioritizing integrated security solutions that unify endpoint detection and response (EDR), extended detection and response (XDR) and identity protection into a single platform. This shift enables security teams to reduce complexity while enhancing threat visibility.”
The result? A more complex threat landscape moving at machine speed while enterprise defenders rely on outdated tools and technologies designed for a different era.
The scale of these attacks is staggering. Zscaler’s ThreatLabz reported a nearly 60% year-over-year increase in global phishing attacks, and attributes this rise partly to the proliferation of gen AI-driven schemes. Likewise, Ivanti’s 2024 State of Cybersecurity Report found that 74% of businesses are already seeing the impact of AI-powered threats. And, 9 in 10 executives said they believe that AI-powered threats are just getting started.
“If you’ve got adversaries breaking out in two minutes, and it takes you a day to ingest data and another day to run a search, how can you possibly hope to keep up?” Elia Zaitsev, CTO of CrowdStrike, noted in a recent interview with VentureBeat.
The new cyber arms race: Adversarial AI vs. defensive AI on the endpoint
Adversaries, especially cybercrime syndicates and nation-state actors, are refining their tradecraft with AI, adding to their arsenals faster than any enterprise can keep up. Gen AI has democratized how adversaries, from rogue attackers to large-scale cyberwar operations, can create new weapons.
“Even if you’re not an expert, gen AI can create scripts or phishing emails on your behalf,” George Kurtz, CrowdStrike CEO and founder, said in an interview with CNBC at the recent World Economic Forum. “It’s never been easier for adversaries. But the good news is, if we properly harness AI on the defensive side, we have a massive opportunity to stay ahead.”
As Gartner advises: “AI-enhanced security tools should be seen as force multipliers rather than standalone replacements for traditional security measures. Organizations must ensure that AI-driven solutions integrate effectively with human decision-making to mitigate risks.”
Etay Maor, chief security strategist at Cato Networks, told VentureBeat that “adversaries are not just using AI to automate attacks — they’re using it to blend into normal network traffic, making them harder to detect. The real challenge is that AI-powered attacks are not a single event; they’re a continuous process of reconnaissance, evasion and adaptation.”
Cato outlined in its 2024 business highlights how it expanded its secure access service edge (SASE) cloud platform five times in the last year, introducing Cato XDR, Cato endpoint protection platform (EPP), Cato managed SASE, Cato digital experience monitoring (DEM) and Cato IoT/OT Security, all of which aim to streamline and unify security functions under one platform. “We’re not just taking share,” said Shlomo Kramer, Cato co-founder and CEO. “We’re redefining how organizations connect and secure their operations, as AI and cloud transform the security landscape.”
Unifying endpoints and identities is the future of zero trust. Adversaries are quick to capitalize on unchecked agent sprawl, which becomes even less reliable as the data of dozens of identities becomes integral to a single endpoint. Using AI to automate reconnaissance at scale, adversaries have the upper hand.
All these factors, taken together, set the stage for a new era of AI-powered endpoint security.
AI-powered endpoint security ushers in a new era of unified defense
Legacy approaches to endpoint security — interdomain trust relationships, assumed trust, perimeter-based security designs, to name a few — are no longer enough. If any network’s security relies on assumed or implied trust, it’s as good as breached already.
Likewise, relying on static defenses, including antivirus software, perimeter firewalls or, worse, endpoints with dozens of agents loaded on them, leaves an organization just as vulnerable as if it had no cyber defense strategy at all.
Gartner observes that: “Identity theft, phishing and data exfiltration are workspace security risks that require further attention. To address these issues, organizations need a holistic workspace security strategy that places the worker at the center of protection and integrates security across device, email, identity, data and application access controls.”
Daren Goeson, SVP of unified endpoint management at Ivanti, underscored the growing challenge. “Laptops, desktops, smartphones and IoT devices are essential to modern business, but their expanding numbers create more opportunities for attackers,” he said. “An unpatched vulnerability or outdated software can open the door to serious security risks. But as their numbers grow, so do the opportunities for attackers to exploit them.”
To mitigate risks, Goeson emphasizes the importance of centralized security and AI-powered endpoint management. “AI-powered security tools can analyze vast amounts of data, detecting anomalies and predicting threats faster and more accurately than human analysts,” he said.
Vineet Arora, CTO at WinWire, agreed: “AI tools excel at rapidly analyzing massive data across logs, endpoints and network traffic, spotting subtle patterns early. They refine their understanding over time — automatically quarantining suspicious activities before significant damage can spread.”
Gartner’s recognition of Cato Networks as a Leader in the 2024 Magic Quadrant for Single-Vendor SASE further underscores this industry shift. By delivering networking and security capabilities through a single cloud-based platform, Cato enables organizations to address endpoint threats, identity protection and network security in a unified way — which is essential in an era when adversaries exploit any gap in visibility.
Integrating AI, UEM and zero trust
Experts agree that AI-powered automation enhances threat detection, reducing response times and minimizing security gaps. By integrating AI with unified endpoint management (UEM), businesses gain real-time visibility across devices, users and networks — proactively identifying security gaps before they can be exploited.
By proactively preventing problems, “the strain on IT support is also minimized and employee downtime is greatly reduced,” said Ivanti’s field CISO Mike Riemer.
Arora added that, while AI can automate routine tasks and highlight anomalies, “human analysts are critical for complex decisions that require business context — AI should be a force multiplier, not a standalone replacement.”
To counter these threats, more organizations are relying on AI to strengthen their zero-trust security frameworks. Zero trust comprises systems that continuously verify every access request while AI actively detects, investigates and, if necessary, neutralizes each threat in real time. Advanced security platforms integrate EDR, XDR and identity protection into a single, intelligent defense system.
“When combined with AI, UEM solutions become even more powerful,” said Goeson. “AI-powered endpoint security tools analyze vast datasets to detect anomalies and predict threats faster and more accurately than human analysts. With full visibility across devices, users and networks, these tools proactively identify and close security gaps before they can be exploited.”
AI-powered platforms and the growing demand for XDR solutions
Nearly all cybersecurity vendors are fast-tracking AI and gen AI-related initiatives in their DevOps cycles and across their roadmaps. The goal is to enhance threat detection and incident response, reduce false positives and create platforms capable of scaling out with full XDR functionality. Vendors in this area include BlackBerry, Bitdefender, Cato Networks, Cisco, CrowdStrike, Deep Instinct, ESET, Fortinet, Ivanti, SentinelOne, Sophos, Trend Micro and Zscaler.
Cisco is also pushing a platform-first approach, embedding AI into its security ecosystem. “Security is a data game,” Jeetu Patel, EVP at Cisco, told VentureBeat. “If there’s a platform that only does email, that’s interesting. But if there’s a platform that does email and correlates that to the endpoint, to the network packets and the web, that’s far more useful.”
Nearly every organization interviewed by VentureBeat values XDR for unifying security telemetry across endpoints, networks, identities and clouds. XDR enhances threat detection by correlating signals, boosting efficiency and reducing alert fatigue.
Riemer highlighted AI’s defensive shift: “For years, attackers have been utilizing AI to their advantage. However, 2025 will mark a turning point as defenders begin to harness the full potential of AI for cybersecurity purposes.”
Riemer noted that AI-driven endpoint security is shifting from reactive to proactive. “AI is already transforming how security teams detect early warning signs of attacks. AI-powered security tools can recognize patterns of device underperformance and automate diagnostics before an issue impacts the business — all with minimal employee downtime and no IT support required.”
Arora emphasized: “It’s also critical for CISOs to evaluate data handling, privacy and the transparency of AI decision-making before adopting such tools — ensuring they fit both the organization’s compliance requirements and its security strategy.”
Cato’s 2024 rollouts exemplify how advanced SASE platforms integrate threat detection, user access controls and IoT/OT security in a single service. This consolidation reduces complexity for security teams and supports a true zero-trust approach, ensuring continuous verification across devices and networks.
Conclusion: Embracing AI-driven security for a new era of threats
Adversaries are moving at machine speed, weaponizing gen AI to create sophisticated malware, launch targeted phishing campaigns and circumvent traditional defenses. The takeaway is clear: Legacy endpoint security and patchwork solutions are not enough to protect against threats designed to outmaneuver static defenses.
Enterprises must embrace an AI-first strategy that unifies endpoint, identity and network security within a zero-trust framework. AI-powered platforms — built with real-time telemetry, XDR capabilities and predictive intelligence — are the key to detecting and mitigating evolving threats before they lead to a full-on breach.
As Kramer put it, “The era of cobbled-together security solutions is over.” Organizations choosing a SASE platform are positioning themselves to proactively combat AI-driven threats. Cato, among other leading providers, underscores that a unified, cloud-native approach — marrying AI with zero-trust principles — will be pivotal in safeguarding enterprises from the next wave of cyber onslaughts.