
Signature-Based Detection Is Losing the Arms Race, And AI Is Accelerating the Problem

01/26/2026 3:16 PM | Marla Halley (Administrator)

The shift in offensive operations over the last 18 months is unlike anything the industry has seen before. AI isn't coming for defenders, it's already here. And to make things worse, attackers are using it to outpace traditional security controls at a rate that should concern everyone.

Here's the reality: signature-based detection was always playing catch-up. It works by recognizing things that have already been seen: file hashes, known-bad strings, IOCs pulled from last month's incident. That model assumes attackers are reusing tools and infrastructure. They're not. Not anymore.

Polymorphism at Scale

Polymorphic malware isn't new. What's new is how trivially easy AI makes it to generate variants. A red team operator can take a loader, feed it through an LLM-assisted obfuscation pipeline, and produce hundreds of unique builds that share zero static indicators. Different hashes, different string tables, different control flow. Same capability.

From an offensive perspective, this changes engagement dynamics completely. Payload development and evasion used to consume significant amounts of time. Now, generating AV-bypassing variants is almost a commodity task. If authorized red teams can do it with limited resources, assume actual threat actors, with more time, more money, and no rules of engagement, are doing it better.

The tooling exists to test payloads against defender solutions in automated loops. Spin up a sandbox, drop the payload, check detection, mutate, repeat. Iterate until clean. That's not theoretical, it's how modern offensive tooling development works.

Why Behavioral Detection Has to Be the Focus

If static indicators are unreliable, what's left? Behavior.

Malware can change its code, but it still must do something. It needs to establish persistence, move laterally, touch credentials, call home. Those actions leave traces that are harder to obfuscate than a file hash.

Competent defenders should be watching for:

  • Process lineage that doesn't make sense (Word spawning PowerShell spawning cmd.exe)
  • Authentication patterns that deviate from baseline (service accounts logging in interactively, lateral movement spikes)
  • Memory behaviors associated with injection techniques
  • Network traffic that violates expected protocol norms

Good detection engineering focuses on these patterns, not on "did we see this exact hash before." The best blue teams aren't hunting for tools, they're hunting for tradecraft.
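As an added example (not part of the original post), here is the process-lineage check from the first bullet as working detection logic: it walks each process back to its root and flags any shell whose ancestry passes through an Office application. The event records are constructed, Sysmon-like (pid, ppid, image) tuples, not a real vendor schema or real host data.

```python
"""Flag suspicious process lineage (e.g. Word -> PowerShell -> cmd.exe)
from process-creation events. The event tuples below are constructed
sample data in a simplified Sysmon-like shape, not output from a real host."""

# Constructed sample events: (pid, ppid, image).
EVENTS = [
    (400, 1, "explorer.exe"),
    (520, 400, "WINWORD.EXE"),
    (610, 520, "powershell.exe"),   # Word spawning PowerShell
    (700, 610, "cmd.exe"),          # ... which spawns cmd.exe
    (800, 400, "powershell.exe"),   # user opened a shell from Explorer: benign
    (900, 800, "cmd.exe"),
]

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}


def build_index(events):
    """Map pid -> (ppid, image) so ancestry can be walked in O(depth)."""
    return {pid: (ppid, image.lower()) for pid, ppid, image in events}


def ancestry(index, pid):
    """Return the image chain from pid up to the root, child first."""
    chain = []
    seen = set()
    while pid in index and pid not in seen:
        seen.add(pid)              # guard against ppid cycles in bad telemetry
        ppid, image = index[pid]
        chain.append(image)
        pid = ppid
    return chain


def suspicious_lineages(events):
    """Return (pid, chain) for each shell whose ancestors include an Office app.
    The chain is rendered child-first, e.g. 'cmd.exe <- powershell.exe <- ...'."""
    index = build_index(events)
    hits = []
    for pid, _, image in events:
        if image.lower() not in SHELLS:
            continue
        chain = ancestry(index, pid)
        if any(img in OFFICE for img in chain[1:]):
            hits.append((pid, " <- ".join(chain)))
    return hits
```

Note that pid 800 and 900 are not flagged: the same binaries with a different lineage are normal user activity, which is exactly why lineage rather than image name is the signal.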

IOCs Need to Get Smarter

Most IOC feeds are noise. A hash gets burned within hours. A C2 domain is useful until the next rotation. If a detection strategy depends on someone else seeing the attack first and publishing indicators, it's always behind.

The IOCs worth investing in are behavioral: specific API call sequences, registry key patterns associated with persistence mechanisms, authentication anomalies, protocol misuse. These tie to what the attacker is trying to accomplish, not what tool they happen to be using today. That's the important distinction.

Anyone building custom offensive tooling knows that changing source code is easy. Changing objectives is not. Credential access is still required. Lateral movement is still required. Exfiltration is still required. Detect those actions, and the operator gets caught regardless of what the payload looks like.

AI Works Both Ways

Defenders have access to the same technology. Machine learning models that baseline normal environment behavior and flag deviations are genuinely useful when tuned properly and fed good telemetry. The challenge is operationalizing them without drowning in false positives.
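The baselining idea above, as an added example that is not from the original post: a per-account model of which logon types are normal, with a smoothing parameter that is the practical knob for controlling false positives. The events are constructed; the logon_type codes follow the Windows convention (2 interactive, 3 network, 5 service) but no record here comes from a real environment.

```python
"""Baseline (account, logon_type) pairs over a training window, then score new
logons by how rare the pair is for that account. All records are constructed
sample data; logon_type codes follow Windows (2=interactive, 3=network,
5=service) but nothing here was captured from a real domain."""
from collections import Counter

# Constructed training window: what 'normal' looked like over the last week.
BASELINE = (
    [("svc_backup", 5)] * 40 + [("svc_backup", 3)] * 60
    + [("alice", 2)] * 30 + [("alice", 3)] * 10
)

NEW_EVENTS = [
    ("alice", 2),        # routine interactive logon
    ("svc_backup", 3),   # routine network logon
    ("svc_backup", 2),   # service account logging in interactively: never seen
]


def build_baseline(events):
    """Per-account counts of each logon type, plus per-account totals."""
    per_pair = Counter(events)
    per_account = Counter(acct for acct, _ in events)
    return per_pair, per_account


def rarity(baseline, event, alpha=1.0):
    """Smoothed probability of this logon type for this account.
    alpha (Laplace smoothing) keeps unseen pairs from scoring exactly zero;
    raising it dampens alerts on low-volume accounts, lowering it makes the
    model more sensitive. Unknown accounts get a uniform, low score."""
    per_pair, per_account = baseline
    acct, ltype = event
    types_seen = len({t for a, t in per_pair if a == acct}) or 1
    return (per_pair[event] + alpha) / (per_account[acct] + alpha * (types_seen + 1))


def flag_deviations(baseline, events, threshold=0.05):
    """Return events whose logon-type probability for that account is below threshold."""
    return [e for e in events if rarity(baseline, e) < threshold]
```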

The environments that cause the most problems during offensive engagements are the ones with mature detection engineering programs. They're correlating endpoint telemetry with identity logs and network traffic in near real-time. They're running adversary simulations that mirror actual attacker behavior, not checkbox compliance exercises. They're hunting proactively instead of waiting for alerts.

The Uncomfortable Truth

Prevention won't stop every breach. That's not defeatism, it's operational reality. Attackers only need to be right once. Defenders need to be right constantly.

The goal isn't perfection. The goal is making attacker operations expensive, noisy, and slow enough that detection happens before objectives are achieved. That means investing in detection engineering, building response capabilities that actually work under pressure, and accepting that security stacks will fail at some point.

AI is making attacks cheaper and faster to produce. The response isn't more signatures; it's better detection of the behaviors that signatures can't catch.

Author:

Anthony Cihan is the Senior Principal Cybersecurity Engineer at Obviam, where he leads offensive security operations and security assessments. He holds a BS in Cybersecurity and Information Assurance, the OSCP and OSWP, and has published multiple offensive security tools such as the PiSquirrel wiretap/implant and the Spellbinder SLAAC-based IPv6 attack tool.
