This article is part of VentureBeat's special issue, "The cyber resilience playbook: Navigating the new era of threats."
Enterprises run the very real risk of losing the AI arms race to adversaries who weaponize large language models (LLMs) and create fraudulent bots to automate attacks.
Trading on the trust placed in legitimate tools, adversaries are using generative AI to create malware that does not carry a unique signature but instead relies on fileless execution, making the attacks often undetectable. Gen AI is widely being used to create large-scale automated phishing campaigns and to automate social engineering, with attackers looking to exploit human vulnerabilities at scale.
Gartner points out in its latest Magic Quadrant for Endpoint Protection Platforms that “leaders in the endpoint protection market are prioritizing integrated security solutions that unify endpoint detection and response (EDR), extended detection and response (XDR) and identity protection into a single platform. This shift enables security teams to reduce complexity while improving threat visibility.”
The result? A more complex threat landscape moving at machine speed while enterprise defenders rely on outdated tools and technologies designed for a different era.
The scale of these attacks is staggering. Zscaler's ThreatLabz reported a nearly 60% year-over-year increase in global phishing attacks, and attributes this rise in part to the proliferation of gen AI-driven schemes. Likewise, Ivanti's 2024 State of Cybersecurity Report found that 74% of businesses are already seeing the impact of AI-powered threats. And nine in 10 executives said they believe that AI-powered threats are just getting started.
“If you’ve got adversaries breaking out in two minutes, and it takes you a day to ingest data and another day to run a search, how can you possibly hope to keep up?” Elia Zaitsev, CTO of CrowdStrike, noted in a recent interview with VentureBeat.
The new cyber arms race: Adversarial AI vs. defensive AI on the endpoint
Adversaries, especially cybercrime syndicates and nation-state actors, are refining their tradecraft with AI, adding to their arsenals faster than any enterprise can keep up. Gen AI has democratized how adversaries, from rogue attackers to large-scale cyberwar operations, can create new weapons.
“Even if you’re not an expert, gen AI can create scripts or phishing emails on your behalf,” George Kurtz, CrowdStrike CEO and founder, said in an interview with CNBC at the recent World Economic Forum. “It’s never been easier for adversaries. But the good news is, if we properly harness AI on the defensive side, we have a massive opportunity to stay ahead.”
As Gartner advises: “AI-enhanced security tools should be viewed as force multipliers rather than standalone replacements for traditional security measures. Organizations must ensure that AI-driven solutions integrate effectively with human decision-making to mitigate risks.”
Etay Maor, chief security strategist at Cato Networks, told VentureBeat that “adversaries are not just using AI to automate attacks — they’re using it to blend into normal network traffic, making them harder to detect. The real challenge is that AI-powered attacks are not a single event; they’re a continuous process of reconnaissance, evasion and adaptation.”
Cato outlined in its 2024 business highlights how it expanded its secure access service edge (SASE) cloud platform five times in the last year, introducing Cato XDR, Cato endpoint protection platform (EPP), Cato managed SASE, Cato digital experience monitoring (DEM) and Cato IoT/OT Security, all of which aim to streamline and unify security capabilities under one platform. “We’re not just taking share,” said Shlomo Kramer, Cato co-founder and CEO. “We’re redefining how organizations connect and secure their operations, as AI and cloud transform the security landscape.”
Unifying endpoints and identities is the future of zero trust. Adversaries are quick to capitalize on unchecked agent sprawl, which is made more unreliable by a surge in dozens of identities' data being integral to an endpoint. Using AI to automate reconnaissance at scale, adversaries have the upper hand.
All these factors, taken together, set the stage for a new era of AI-powered endpoint security.
AI-powered endpoint security ushers in a new era of unified defense
Legacy approaches to endpoint security — interdomain trust relationships, assumed trust, perimeter-based security designs, to name a few — are no longer enough. If any network's security is based on assumed or implied trust, it is as good as breached already.
Likewise, relying on static defenses, including antivirus software, perimeter firewalls or, worse, endpoints with dozens of agents loaded on them, leaves an organization just as vulnerable as if it had no cyber defense strategy at all.
Gartner observes that: “Identity theft, phishing and data exfiltration are workspace security risks that require further attention. To address these issues, organizations need a holistic workspace security strategy that places the worker at the center of protection and integrates security across device, email, identity, data and application access controls.”
Daren Goeson, SVP of unified endpoint management at Ivanti, underscored the growing challenge. “Laptops, desktops, smartphones and IoT devices are essential to modern business, but their expanding numbers create more opportunities for attackers,” he said. “An unpatched vulnerability or outdated software can open the door to serious security risks. But as their numbers grow, so do the opportunities for attackers to exploit them.”
To mitigate risks, Goeson emphasizes the importance of centralized security and AI-powered endpoint management. “AI-powered security tools can analyze vast amounts of data, detecting anomalies and predicting threats faster and more accurately than human analysts,” he said.
Vineet Arora, CTO at WinWire, agreed: “AI tools excel at rapidly analyzing massive data across logs, endpoints and network traffic, spotting subtle patterns early. They refine their understanding over time — automatically quarantining suspicious activities before significant damage can spread.”
Gartner's recognition of Cato Networks as a Leader in the 2024 Magic Quadrant for Single-Vendor SASE further underscores this industry shift. By delivering networking and security capabilities through a single cloud-based platform, Cato enables organizations to address endpoint threats, identity protection and network security in a unified manner — which is essential in an era when adversaries exploit any gap in visibility.
Integrating AI, UEM and zero trust
Experts agree that AI-powered automation improves threat detection, reducing response times and minimizing security gaps. By integrating AI with unified endpoint management (UEM), businesses gain real-time visibility across devices, users and networks, proactively identifying security gaps before they can be exploited.
By proactively preventing issues, “the strain on IT support is also minimized and employee downtime is drastically reduced,” said Ivanti's field CISO Mike Riemer.
Arora added that, while AI can automate routine tasks and highlight anomalies, “human analysts are critical for complex decisions that require business context — AI should be a force multiplier, not a standalone replacement.”
To counter these threats, more organizations are relying on AI to strengthen their zero-trust security frameworks. Zero trust comprises systems that continuously verify every access request while AI actively detects, investigates and, if necessary, neutralizes each threat in real time. Advanced security platforms integrate EDR, XDR and identity protection into a single, intelligent defense system.
“When combined with AI, UEM solutions become even more powerful,” said Goeson. “AI-powered endpoint security tools analyze vast datasets to detect anomalies and predict threats faster and more accurately than human analysts. With full visibility across devices, users and networks, these tools proactively identify and close security gaps before they can be exploited.”
AI-powered platforms and the growing demand for XDR solutions
Nearly all cybersecurity vendors are fast-tracking AI and gen AI-related projects in their DevOps cycles and across their roadmaps. The goal is to improve threat detection and incident response, reduce false positives and create platforms capable of scaling out with full XDR functionality. Vendors in this space include BlackBerry, Bitdefender, Cato Networks, Cisco, CrowdStrike, Deep Instinct, ESET, Fortinet, Ivanti, SentinelOne, Sophos, Trend Micro and Zscaler.
Cisco is also pushing a platform-first approach, embedding AI into its security ecosystem. “Security is a data game,” Jeetu Patel, EVP at Cisco, told VentureBeat. “If there’s a platform that only does email, that’s interesting. But if there’s a platform that does email and correlates that to the endpoint, to the network packets and the web, that’s far more valuable.”
Nearly every organization interviewed by VentureBeat values XDR for unifying security telemetry across endpoints, networks, identities and clouds. XDR improves threat detection by correlating signals, boosting efficiency and reducing alert fatigue.
Riemer highlighted AI's defensive shift: “For years, attackers have been utilizing AI to their advantage. However, 2025 will mark a turning point as defenders begin to harness the full potential of AI for cybersecurity purposes.”
Riemer noted that AI-driven endpoint security is shifting from reactive to proactive. “AI is already transforming how security teams detect early warning signs of attacks. AI-powered security tools can recognize patterns of device underperformance and automate diagnostics before an issue impacts the business — all with minimal employee downtime and no IT support required.”
Arora emphasized: “It’s also crucial for CISOs to assess data handling, privacy and the transparency of AI decision-making before adopting such tools — ensuring they fit both the organization’s compliance requirements and its security strategy.”
Cato's 2024 rollouts exemplify how advanced SASE platforms integrate threat detection, user access controls and IoT/OT security in a single service. This consolidation reduces complexity for security teams and supports a true zero-trust approach, ensuring continuous verification across devices and networks.
Conclusion: Embracing AI-driven security for a new era of threats
Adversaries are moving at machine speed, weaponizing gen AI to create sophisticated malware, launch targeted phishing campaigns and circumvent traditional defenses. The takeaway is clear: Legacy endpoint security and patchwork solutions are not enough to protect against threats designed to outmaneuver static defenses.
Enterprises must embrace an AI-first strategy that unifies endpoint, identity and network security within a zero-trust framework. AI-powered platforms, built with real-time telemetry, XDR capabilities and predictive intelligence, are the key to detecting and mitigating evolving threats before they result in a full-on breach.
As Kramer put it, “The era of cobbled-together security solutions is over.” Organizations choosing a SASE platform are positioning themselves to proactively fight AI-driven threats. Cato, among other leading providers, underscores that a unified, cloud-native approach, marrying AI with zero-trust principles, will be pivotal in safeguarding enterprises from the next wave of cyber onslaughts.