AI-built ransomware toolkit automates EDR evasion, AD discovery
ID: 1917e74e-68d4-57ac-bd95-f2f9c5369b56
STIX ID: report--1917e74e-68d4-57ac-bd95-f2f9c5369b56
Feed Name: Bleeping Computer
Researchers at Sophos discovered an AI-assisted ransomware development framework that automates Active Directory discovery and iteratively generates EDR-evasive payloads (written primarily in Rust and Go) using multiple AI agents (Cursor, Claude Opus). The toolkit included Cobalt Strike profiles, Telegram-based C2, Python scripts for shellcode injection, and a Cloudflare Worker redirector; its modules were tested against Sophos, CrowdStrike, and Windows Defender, and evidence (Cobalt Strike logs and ransom-related artifacts) indicated that it was used in criminal ransomware operations.
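Two of the infrastructure choices above (Telegram as a C2 channel and a Cloudflare Worker in front of the team server) leave traces in egress logs that defenders can hunt for. The script below is an added example, not code from the Sophos report or from the toolkit it describes: it runs a simple hunt over constructed proxy log lines (format assumed to be "epoch process host path"), flags Telegram Bot API calls (the `/bot<token>/<method>` URL shape) and `*.workers.dev` hosts made by non-browser processes, and adds a "periodic" tag when the request cadence looks like a beacon. The hostname `assumed-redirector.workers.dev`, the process names, the jitter threshold and the minimum request count are assumptions for illustration; a real redirector may sit on a custom domain, so the `.workers.dev` check alone is a weak indicator.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample proxy log (not data from the report): "epoch process host path".
# One Telegram Bot API beacon, one workers.dev beacon, and benign browser traffic.
SAMPLE_LOG = """\
1700000000 chrome.exe api.telegram.org /
1700000010 svchost.exe api.telegram.org /bot123456789:AAEconstructed_token_value_000000000000/getUpdates
1700000070 svchost.exe api.telegram.org /bot123456789:AAEconstructed_token_value_000000000000/getUpdates
1700000130 svchost.exe api.telegram.org /bot123456789:AAEconstructed_token_value_000000000000/sendDocument
1700000190 svchost.exe api.telegram.org /bot123456789:AAEconstructed_token_value_000000000000/getUpdates
1700000005 rundll32.exe assumed-redirector.workers.dev /api/v1/status
1700000065 rundll32.exe assumed-redirector.workers.dev /api/v1/status
1700000125 rundll32.exe assumed-redirector.workers.dev /api/v1/status
1700000185 rundll32.exe assumed-redirector.workers.dev /api/v1/status
1700000300 firefox.exe example.com /index.html
1700000900 firefox.exe example.com /about.html
1700002000 firefox.exe example.com /contact.html
"""

# Processes for which Telegram / workers.dev traffic is expected (assumed allowlist).
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe"}

# Telegram Bot API URLs embed the bot token: /bot<numeric id>:<secret>/<method>
BOT_TOKEN_PATH = re.compile(r"^/bot\d{6,}:[A-Za-z0-9_-]{20,}/")


def parse_log(text):
    """Parse the assumed 'epoch process host path' format into tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, proc, host, path = line.split(maxsplit=3)
        events.append((int(ts), proc.lower(), host.lower(), path))
    return events


def is_periodic(timestamps, min_count=3, max_jitter=0.2):
    """True if >= min_count requests arrive at near-constant intervals.

    Jitter is measured as stddev/mean of the gaps; 0.2 is an assumed threshold.
    """
    if len(timestamps) < min_count:
        return False
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    return avg > 0 and pstdev(gaps) / avg <= max_jitter


def flag_c2_candidates(text):
    """Group requests by (process, host) and return those matching an indicator."""
    by_key = defaultdict(list)
    for ts, proc, host, path in parse_log(text):
        by_key[(proc, host)].append((ts, path))

    findings = []
    for (proc, host), items in by_key.items():
        reasons = []
        if (host == "api.telegram.org" and proc not in BROWSERS
                and any(BOT_TOKEN_PATH.match(p) for _, p in items)):
            reasons.append("telegram-bot-api")
        if host.endswith(".workers.dev") and proc not in BROWSERS:
            reasons.append("workers-dev-host")
        if is_periodic([ts for ts, _ in items]):
            reasons.append("periodic")
        # Periodicity alone is too noisy (updaters, telemetry); require an
        # infrastructure indicator as well before reporting.
        if reasons and reasons != ["periodic"]:
            findings.append({"process": proc, "host": host, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in flag_c2_candidates(SAMPLE_LOG):
        print(f"{f['process']:14} {f['host']:35} {', '.join(f['reasons'])}")
```

The bot-token regex is the most robust of the three checks: legitimate automation that talks to the Telegram Bot API is rare on workstations and is easy to allowlist by process. Treat the `.workers.dev` match and the cadence check as enrichment rather than standalone alerts.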
