This article is part of VentureBeat's special issue, "The cyber resilience playbook: Navigating the new era of threats."
Enterprises run the very real risk of losing the AI arms race to adversaries who weaponize large language models (LLMs) and create fraudulent bots to automate attacks.
Trading on the trust of legitimate tools, adversaries are using generative AI to create malware that doesn't produce a unique signature but instead relies on fileless execution, making the attacks often undetectable. Gen AI is widely being used to create large-scale automated phishing campaigns and to automate social engineering, with attackers looking to exploit human vulnerabilities at scale.
Gartner points out in its latest Magic Quadrant for Endpoint Protection Platforms that "leaders in the endpoint protection market are prioritizing integrated security solutions that unify endpoint detection and response (EDR), extended detection and response (XDR) and identity protection into a single platform. This shift enables security teams to reduce complexity while improving threat visibility."
The result? A more complex threat landscape moving at machine speed while enterprise defenders rely on outdated tools and technologies designed for a different era.
The scale of these attacks is staggering. Zscaler's ThreatLabz reported a nearly 60% year-over-year increase in global phishing attacks, and attributes this rise partly to the proliferation of gen AI-driven schemes. Likewise, Ivanti's 2024 State of Cybersecurity Report found that 74% of businesses are already seeing the impact of AI-powered threats. And 9 in 10 executives said they believe that AI-powered threats are just getting started.
"If you've got adversaries breaking out in two minutes, and it takes you a day to ingest data and another day to run a search, how can you possibly hope to keep up?" Elia Zaitsev, CTO of CrowdStrike, noted in a recent interview with VentureBeat.
The new cyber arms race: Adversarial AI vs. defensive AI on the endpoint
Adversaries, especially cybercrime syndicates and nation-state actors, are refining their tradecraft with AI, adding to their arsenals faster than any enterprise can keep up. Gen AI has democratized how adversaries, from rogue attackers to large-scale cyberwar operations, can create new weapons.
"Even if you're not an expert, gen AI can create scripts or phishing emails on your behalf," George Kurtz, CrowdStrike CEO and founder, said in an interview with CNBC at the recent World Economic Forum. "It's never been easier for adversaries. But the good news is, if we properly harness AI on the defensive side, we have a huge opportunity to stay ahead."
As Gartner advises: "AI-enhanced security tools should be viewed as force multipliers rather than standalone replacements for traditional security measures. Organizations must ensure that AI-driven solutions integrate effectively with human decision-making to mitigate risks."
Etay Maor, chief security strategist at Cato Networks, told VentureBeat that "adversaries are not just using AI to automate attacks — they're using it to blend into normal network traffic, making them harder to detect. The real challenge is that AI-powered attacks are not a single event; they're a continuous process of reconnaissance, evasion and adaptation."
Cato outlined in its 2024 industry highlights how it expanded its secure access service edge (SASE) cloud platform five times in the last year, introducing Cato XDR, Cato endpoint protection platform (EPP), Cato managed SASE, Cato digital experience monitoring (DEM) and Cato IoT/OT Security, all of which aim to streamline and unify security functions under one platform. "We're not just taking share," said Shlomo Kramer, Cato co-founder and CEO. "We're redefining how organizations connect and secure their operations, as AI and cloud transform the security landscape."
Unifying endpoints and identities is the future of zero trust. Adversaries are quick to capitalize on unchecked agent sprawl, which becomes even less reliable as the data of dozens of identities becomes integral to a single endpoint. Using AI to automate reconnaissance at scale, adversaries have the upper hand.
All these factors, taken together, set the stage for a new era of AI-powered endpoint security.
AI-powered endpoint security ushers in a new era of unified defense
Legacy approaches to endpoint security — interdomain trust relationships, assumed trust, perimeter-based security designs, to name a few — are no longer enough. If any network's security depends on assumed or implied trust, it's as good as breached already.
Likewise, relying on static defenses, including antivirus software, perimeter firewalls or, worse, endpoints with dozens of agents loaded on them, leaves an organization just as vulnerable as if it had no cyber defense strategy at all.
Gartner observes: "Identity theft, phishing and data exfiltration are workspace security risks that require additional attention. To address these issues, organizations need a holistic workspace security strategy that places the worker at the center of protection and integrates security across device, email, identity, data and application access controls."
Daren Goeson, SVP of unified endpoint management at Ivanti, underscored the growing challenge. "Laptops, desktops, smartphones and IoT devices are essential to modern business, but their expanding numbers create more opportunities for attackers," he said. "An unpatched vulnerability or outdated software can open the door to serious security risks. But as their numbers grow, so do the opportunities for attackers to exploit them."
To mitigate risks, Goeson emphasizes the importance of centralized security and AI-powered endpoint management. "AI-powered security tools can analyze vast amounts of data, detecting anomalies and predicting threats faster and more accurately than human analysts," he said.
Vineet Arora, CTO at WinWire, agreed: "AI tools excel at rapidly analyzing massive data across logs, endpoints and network traffic, spotting subtle patterns early. They refine their understanding over time — automatically quarantining suspicious activities before significant damage can spread."
Gartner's recognition of Cato Networks as a Leader in the 2024 Magic Quadrant for Single-Vendor SASE further underscores this industry shift. By delivering networking and security capabilities through a single cloud-based platform, Cato enables organizations to address endpoint threats, identity protection and network security in a unified way — which is critical in an era when adversaries exploit any gap in visibility.
Integrating AI, UEM and zero trust
Experts agree that AI-powered automation enhances threat detection, reducing response times and minimizing security gaps. By integrating AI with unified endpoint management (UEM), businesses gain real-time visibility across devices, users and networks — proactively identifying security gaps before they can be exploited.
By proactively preventing problems, "the strain on IT support will be minimized and employee downtime is drastically reduced," said Ivanti's field CISO Mike Riemer.
Arora added that, while AI can automate routine tasks and highlight anomalies, "human analysts are critical for complex decisions that require business context — AI should be a force multiplier, not a standalone replacement."
To counter these threats, more organizations are relying on AI to strengthen their zero-trust security frameworks. Zero trust involves systems that continuously verify every access request while AI actively detects, investigates and, if necessary, neutralizes each threat in real time. Advanced security platforms integrate EDR, XDR and identity protection into a single, intelligent defense system.
"When combined with AI, UEM solutions become even more powerful," said Goeson. "AI-powered endpoint security tools analyze vast datasets to detect anomalies and predict threats faster and more accurately than human analysts. With full visibility across devices, users and networks, these tools proactively identify and close security gaps before they can be exploited."
AI-powered platforms and the growing demand for XDR solutions
Nearly all cybersecurity vendors are fast-tracking AI and gen AI-related projects in their DevOps cycles and across their roadmaps. The goal is to enhance threat detection and incident response, reduce false positives and create platforms capable of scaling out with full XDR functionality. Vendors in this area include BlackBerry, Bitdefender, Cato Networks, Cisco, CrowdStrike, Deep Instinct, ESET, Fortinet, Ivanti, SentinelOne, Sophos, Trend Micro and Zscaler.
Cisco is also pushing a platform-first approach, embedding AI into its security ecosystem. "Security is a data game," Jeetu Patel, EVP at Cisco, told VentureBeat. "If there's a platform that only does email, that's interesting. But if there's a platform that does email and correlates that to the endpoint, to the network packets and the web, that's much more valuable."
Nearly every organization interviewed by VentureBeat values XDR for unifying security telemetry across endpoints, networks, identities and clouds. XDR enhances threat detection by correlating alerts, boosting efficiency and reducing alert fatigue.
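To make the correlation idea in the two paragraphs above concrete, here is a small Python illustration added to this article; it is not code from VentureBeat or from any of the vendors named here. It takes a handful of constructed alerts from three telemetry domains (endpoint, identity, network), groups them by host within a time window, and raises the severity when independent domains agree about the same host. The hostnames, usernames, signal names and the escalation rule (one extra severity point per additional agreeing domain, capped at 5) are all assumptions made for the example, not any product's scoring.

```python
"""XDR-style alert correlation over constructed sample telemetry.

Added illustration for the article; not vendor code. Six raw alerts from
three domains are collapsed into per-host incidents, and an incident that
is corroborated by more than one domain is escalated.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts (not real telemetry). Hosts, users and signal
# names are invented for this example.
SAMPLE_ALERTS = [
    {"source": "identity", "ts": "2025-01-15T09:00:10Z", "host": "wks-042",
     "user": "j.doe", "signal": "impossible_travel_login", "severity": 3},
    {"source": "endpoint", "ts": "2025-01-15T09:02:30Z", "host": "wks-042",
     "user": "j.doe", "signal": "encoded_script_execution", "severity": 4},
    {"source": "network", "ts": "2025-01-15T09:04:05Z", "host": "wks-042",
     "user": "j.doe", "signal": "periodic_dns_beacon", "severity": 3},
    {"source": "endpoint", "ts": "2025-01-15T11:30:00Z", "host": "wks-017",
     "user": "a.smith", "signal": "unsigned_binary_execution", "severity": 2},
    {"source": "network", "ts": "2025-01-15T14:00:00Z", "host": "srv-db-01",
     "user": None, "signal": "inbound_port_scan", "severity": 2},
    {"source": "identity", "ts": "2025-01-16T09:01:00Z", "host": "wks-042",
     "user": "j.doe", "signal": "repeated_mfa_prompts", "severity": 3},
]

WINDOW = timedelta(minutes=30)  # assumed correlation window


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used in the sample alerts."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def priority_label(severity):
    """Map a 1-5 severity to the triage bucket used in the output."""
    if severity >= 5:
        return "critical"
    if severity >= 4:
        return "high"
    if severity >= 3:
        return "medium"
    return "low"


def build_incident(host, alerts):
    """Merge a cluster of alerts about one host into a single incident."""
    domains = sorted({a["source"] for a in alerts})
    base = max(a["severity"] for a in alerts)
    # Assumed escalation rule: each additional agreeing domain adds one
    # severity point, capped at 5. Three domains agreeing on one host is
    # treated as strong corroboration; a lone alert keeps its own score.
    severity = min(5, base + (len(domains) - 1))
    return {
        "host": host,
        "users": sorted({a["user"] for a in alerts if a["user"]}),
        "domains": domains,
        "signals": [a["signal"] for a in alerts],
        "severity": severity,
        "priority": priority_label(severity),
    }


def correlate(alerts, window=WINDOW):
    """Group alerts by host, split each host's stream on gaps larger than
    `window`, and return one incident per resulting cluster."""
    by_host = defaultdict(list)
    for alert in sorted(alerts, key=lambda a: parse_ts(a["ts"])):
        by_host[alert["host"]].append(alert)

    incidents = []
    for host, stream in by_host.items():
        cluster = [stream[0]]
        for alert in stream[1:]:
            gap = parse_ts(alert["ts"]) - parse_ts(cluster[-1]["ts"])
            if gap <= window:
                cluster.append(alert)
            else:
                incidents.append(build_incident(host, cluster))
                cluster = [alert]
        incidents.append(build_incident(host, cluster))
    return incidents


def summarize(alerts, window=WINDOW):
    """Return (raw alert count, incident count, incidents) so the reduction
    in analyst-facing items is visible alongside the incidents themselves."""
    incidents = correlate(alerts, window)
    return len(alerts), len(incidents), incidents


if __name__ == "__main__":
    raw, merged, incidents = summarize(SAMPLE_ALERTS)
    print(f"{raw} raw alerts -> {merged} incidents")
    for inc in sorted(incidents, key=lambda i: -i["severity"]):
        print(f'[{inc["priority"]:8}] {inc["host"]:10} '
              f'domains={",".join(inc["domains"])} signals={inc["signals"]}')
```

Run as written, the six sample alerts collapse into four incidents: the three alerts on wks-042 within a few minutes of each other become one critical incident corroborated by all three domains, the next day's identity alert on the same host stays a separate medium incident, and the two isolated low-severity alerts remain low. That is the behaviour the article attributes to XDR: fewer items for analysts to look at, with the cross-domain one ranked first.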
Riemer highlighted AI's defensive shift: "For years, attackers have been utilizing AI to their advantage. However, 2025 will mark a turning point as defenders begin to harness the full potential of AI for cybersecurity purposes."
Riemer noted that AI-driven endpoint security is shifting from reactive to proactive. "AI is already transforming how security teams detect early warning signs of attacks. AI-powered security tools can recognize patterns of device underperformance and automate diagnostics before an issue impacts the business — all with minimal employee downtime and no IT support required."
Arora emphasized: "It's also crucial for CISOs to assess data handling, privacy and the transparency of AI decision-making before adopting such tools — ensuring they fit both the organization's compliance requirements and its security strategy."
Cato's 2024 rollouts exemplify how advanced SASE platforms integrate threat detection, user access controls and IoT/OT security in a single service. This consolidation reduces complexity for security teams and supports a true zero-trust approach, ensuring continuous verification across devices and networks.
Conclusion: Embracing AI-driven security for a new era of threats
Adversaries are moving at machine speed, weaponizing gen AI to create sophisticated malware, launch targeted phishing campaigns and circumvent traditional defenses. The takeaway is clear: Legacy endpoint security and patchwork solutions are not enough to protect against threats designed to outmaneuver static defenses.
Enterprises must embrace an AI-first strategy that unifies endpoint, identity and network security within a zero-trust framework. AI-powered platforms — built with real-time telemetry, XDR capabilities and predictive intelligence — are the key to detecting and mitigating evolving threats before they lead to a full-on breach.
As Kramer put it, "The era of cobbled-together security solutions is over." Organizations choosing a SASE platform are positioning themselves to proactively combat AI-driven threats. Cato, among other leading providers, underscores that a unified, cloud-native approach — marrying AI with zero-trust principles — will be pivotal in safeguarding enterprises from the next wave of cyber onslaughts.