AI vs. AI: When Attackers Use the Same Tools as Defenders
Offensive AI moved from research into operational use in 2025. Here's what we are seeing from ARIA's detection telemetry — and how defense has to evolve.
We crossed an uncomfortable threshold in late 2025. For the first time, ARIA's detection telemetry showed campaigns where every observable step — from initial recon to lateral movement — looked like it had been authored by an LLM. Not just the phishing copy. The infrastructure. The timing. The decision tree.
What 'AI-native attacks' actually look like
We see three patterns far more than the others:
- Polymorphic phishing where every recipient receives a different lure tied to their actual project graph (scraped from LinkedIn and GitHub).
- Reconnaissance scripts that adapt as they fail — pivoting from one IDP to another based on response headers.
- Lateral movement that delays itself by humanlike intervals to evade behavioral heuristics.
Why classical detection is losing
Most SIEMs and EDRs were designed around indicators-of-compromise (IOCs) and behavioral signatures. AI-native attacks don't reuse IOCs because each attack is freshly generated. They don't trip behavioral signatures because the behaviors look reasonable in isolation.
What works
The honest answer is also the harder one: only AI catches AI, and only if the AI reasons over the full graph — identity, network, workload, and code together. We trained ARIA on 41 billion attack patterns, but the architectural breakthrough is that it ingests every domain in one model. A signal that looks innocuous in identity becomes obvious when reasoned against the workload graph.
The new tradeoff: explainability
An AI defender that can't explain itself is a liability. We invested heavily in ARIA's explainability layer for exactly this reason. Every decision ships with the reasoning trail. A SOC analyst can defend any block in writing — which matters when your auditors arrive.
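As an added example, not ARIA's code and not a description of its model, the Python sketch below shows the two points above in miniature: a principal's events from identity and workload logs are scored in one pass rather than per domain, and every alert carries a reasoning trail listing which events and which cross-domain links contributed. It is a rule-based stand-in for a learned graph model; the log lines, field names, weights, window and threshold are all constructed assumptions.

```python
"""Cross-domain correlation with an explanation trail (added example).

Constructed scenario: a service account enrols a new MFA device, logs in from a
new location, reads a production secret, then opens egress to the same IP the
login came from. Each domain alone stays under the alert threshold; joined,
the score crosses it and the trail says why. All data below is made up.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
import json

# Constructed sample events. Field names (ts, domain, principal, event, ...)
# are assumptions for this example, not a real product schema.
IDENTITY_LOG = [
    '{"ts":"2025-11-03T09:12:04Z","domain":"identity","principal":"svc-build","event":"mfa_device_enrolled","src_ip":"203.0.113.7"}',
    '{"ts":"2025-11-03T09:13:40Z","domain":"identity","principal":"svc-build","event":"login_success","src_ip":"203.0.113.7","new_geo":true}',
    '{"ts":"2025-11-03T09:20:00Z","domain":"identity","principal":"alice","event":"login_success","src_ip":"198.51.100.4","new_geo":false}',
]
WORKLOAD_LOG = [
    '{"ts":"2025-11-03T09:15:22Z","domain":"workload","principal":"svc-build","event":"secret_read","resource":"prod/db-admin"}',
    '{"ts":"2025-11-03T09:16:05Z","domain":"workload","principal":"svc-build","event":"new_egress","dst":"203.0.113.7:443"}',
    '{"ts":"2025-11-03T09:21:10Z","domain":"workload","principal":"alice","event":"secret_read","resource":"dev/test-token"}',
]

# Assumed weights: every single event is well below the threshold on its own.
WEIGHTS = {
    ("identity", "mfa_device_enrolled"): 2,
    ("identity", "login_success"): 1,
    ("workload", "secret_read"): 2,
    ("workload", "new_egress"): 2,
}
ALERT_THRESHOLD = 8          # assumed
WINDOW = timedelta(minutes=15)  # assumed correlation window


@dataclass
class Event:
    ts: datetime
    domain: str
    principal: str
    event: str
    attrs: dict


def parse(lines):
    """Parse one JSON record per line into Event objects."""
    out = []
    for line in lines:
        rec = json.loads(line)
        ts = datetime.strptime(rec.pop("ts"), "%Y-%m-%dT%H:%M:%SZ")
        out.append(Event(ts, rec.pop("domain"), rec.pop("principal"), rec.pop("event"), rec))
    return out


def score_event(ev):
    """Context-free score for one event plus a human-readable reason."""
    pts = WEIGHTS.get((ev.domain, ev.event), 0)
    reason = f"{ev.domain}:{ev.event} (+{pts})"
    if ev.event == "login_success" and ev.attrs.get("new_geo"):
        pts += 2
        reason += ", new geo (+2)"
    if ev.event == "secret_read" and ev.attrs.get("resource", "").startswith("prod/"):
        pts += 2
        reason += ", production secret (+2)"
    return pts, reason


def correlate(events, domains=("identity", "workload")):
    """Score each principal over a sliding WINDOW using only the given domains.

    Returns {principal: (best_score, trail)}; the trail is the list of reasons
    behind the highest-scoring window, which is what an analyst would cite.
    """
    by_principal = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.domain in domains:
            by_principal.setdefault(ev.principal, []).append(ev)
    results = {}
    for principal, evs in by_principal.items():
        best = (0, [])
        for i, start in enumerate(evs):
            window = [e for e in evs[i:] if e.ts - start.ts <= WINDOW]
            score, trail = 0, []
            for e in window:
                pts, reason = score_event(e)
                score += pts
                trail.append(f"{e.ts.isoformat()} {reason}")
            # Cross-domain link 1: identity and workload activity in one window.
            if len({e.domain for e in window}) > 1:
                score += 2
                trail.append("events span identity and workload within window (+2)")
            # Cross-domain link 2: workload egress to the IP the login came from.
            ident_ips = {e.attrs.get("src_ip") for e in window if e.domain == "identity"}
            for e in window:
                if e.event == "new_egress" and e.attrs.get("dst", "").split(":")[0] in ident_ips:
                    score += 3
                    trail.append(f"egress to {e.attrs['dst']} matches identity source IP (+3)")
            if score > best[0]:
                best = (score, trail)
        results[principal] = best
    return results


def alerts(events, domains=("identity", "workload")):
    """Principals whose best window reaches ALERT_THRESHOLD, with their trails."""
    return {p: r for p, r in correlate(events, domains).items() if r[0] >= ALERT_THRESHOLD}


if __name__ == "__main__":
    for principal, (score, trail) in alerts(parse(IDENTITY_LOG + WORKLOAD_LOG)).items():
        print(f"ALERT {principal} score={score}")
        for line in trail:
            print("  -", line)
```

Run stand-alone, the script alerts only on svc-build: the identity events alone score 5 and the workload events alone score 6, both under the assumed threshold of 8, while the joined window scores 16 and prints the six trail lines that justify the block. The trail is the explainability point in practice: the analyst can paste it into a ticket, and an auditor can check each line against the raw log.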