AI vs. AI: The Race Between Adversarial and Defensive Intelligence

The AI battleground is here. Adversaries are weaponizing AI to launch attacks with unprecedented scale, speed, and effectiveness. In response, defenders are turning to AI as an analyst force-multiplier, using it to offload repetitive tasks, accelerate decision-making, and scale expertise across the SOC.

But while AI empowers analysts to operate with greater speed and precision, this evolution is forging a dangerous divide: between defenders adopting AI, and those who are being outmaneuvered by AI-powered adversaries.

Adversaries increasingly adopted GenAI throughout 2024, the CrowdStrike 2025 Global Threat Report found. GenAI tools are, for example, being used to create deepfake audio and video: A $25.6 million USD business email compromise used the cloned voice and likeness of a CFO, CrowdStrike observed.[1] An arXiv study found phishing emails generated by large language models had a 54% click-through rate — significantly higher than the 12% rate for likely human-written messages — underscoring GenAI’s effectiveness in social engineering.[2]

Adversary use of GenAI is evolving. Adversaries are now manipulating threat indicators to obscure attribution, mimicking the tactics, techniques, and procedures (TTPs) of known threat actors to confuse analysts and delay response. These AI-powered campaigns adapt dynamically and automate deception at scale, making traditional detection increasingly unreliable. AI also enables fully autonomous attacks that identify vulnerabilities, craft exploits, and launch multi-stage campaigns with little to no human input. The speed and complexity of these operations continue to evolve beyond the reach of legacy defenses.

To test the limits of this threat, CrowdStrike’s offensive engineering team built an AI-powered attack simulation engine capable of launching multi-stage campaigns in minutes. The engine dynamically alters TTPs, generates evasive payloads, and continuously adapts its behavior to evade detection. These simulations expose critical gaps in conventional defense postures and highlight where defenders must evolve. The insights gained are not just warnings — they’re a blueprint for building AI-augmented defenses that think, adapt, and respond as fast as the adversary. With the AI-native CrowdStrike Falcon® platform, defenders gain the speed, context, and automation required to seize the advantage in this new era of cyber warfare.

This blog explores this new paradigm in two parts: a deep dive into how adversaries weaponize AI to build scalable, evasive, and intelligent attack chains, followed by a technical walkthrough of how CrowdStrike Charlotte AI™, our agentic AI analyst, enables defenders to triage, investigate, and respond to attacks at machine speed.

CrowdStrike Engineers Explore Offensive AI: The Adversary's New Weapon of Scale

The Threat Model: The AI-augmented Adversary and C2 Framework

CrowdStrike’s Offensive Lab engineers built a simulated adversarial command-and-control (C2) platform to test what happens when threat actors harness the power of agentic and generative AI to launch attacks. 

Key Features of the AI-powered C2 Framework:

  • AI-driven Modular C2 Dashboard: A dynamic, modular interface provides real-time visibility into compromised hosts, executed actions, and system responses. Every action result is automatically interpreted by an embedded AI engine, which analyzes outputs and recommends next steps. This enables a near-autonomous, adaptive feedback loop for streamlined C2 operations.

Figure 1. The AI-powered Adversary: C2 Dashboard
  • Dynamic Payload Generation: With a single natural language prompt, AI agents generate custom code — in Python, PowerShell, or Bash — tailored to the target environment. No two payloads are alike, making signature-based detection nearly impossible.
Figure 2. The AI-powered Adversary: Dynamic Payload Generation
  • Adaptive Evasion through Compiled Execution: AI-generated scripts are compiled into unique executables (.exe) on each run, creating fresh hashes that render static signature detection obsolete and enable stealthy, persistent evasion.
Figure 3. The AI-powered Adversary: Compiled Execution

The Simulated Attack Kill Chain: From Access to Exfiltration with Fully Automated Intrusion

The success of the AI-powered adversary doesn’t lie in replacing human attackers but in accelerating them. By embedding AI across the attack chain, even low-skilled operators can execute complex, multi-stage campaigns in minutes with speed, precision, and adaptability.

Below is a breakdown of a simulated, end-to-end intrusion executed using CrowdStrike’s AI-powered attack simulation engine.

Note: For this simulation, prevention capabilities in the Falcon platform were intentionally disabled to demonstrate the full kill chain and showcase Charlotte AI in action.

1. Initial Access via Social Engineering

The attack begins with a coordinated spam bombing campaign, overwhelming the target's inbox. Shortly after, the victim receives a vishing call from an attacker impersonating IT support. Manipulated by urgency and trust, the user installs a remote monitoring and management (RMM) tool such as TeamViewer, which becomes the initial loader for the campaign. 

2. Agent Deployment and Reconnaissance

With the RMM foothold established, the attacker’s AI agent is deployed to perform reconnaissance. It collects system metadata such as OS version, user privilege level, hostname, and internal IP ranges to build a real-time profile of the target environment to inform the next phase of the attack.

Figure 4. The AI-powered Adversary: Agent Deployment and Reconnaissance

3. Credential and Persistence Activities

The malicious AI agent conducts in-memory scraping and local file system enumeration to extract cloud credentials, with a focus on environment variables, configuration files, and browser-stored secrets. Access keys are prioritized due to their potential for cross-environment compromise. Once credentials are acquired, the agent establishes persistence by creating hidden scheduled tasks, modifying registry run keys, and embedding footholds within user login scripts. During lateral discovery, it enumerates accessible network shares, including mapped drives like Z:\, and indexes their contents. In this simulation, the agent uncovers sensitive documents related to mergers and acquisitions, highlighting data of strategic value for potential exfiltration or extortion.

4. Attack Vector Mapping

Leveraging built-in tooling such as LinPEAS and WinPEAS, the agent then analyzes system configurations, access controls, and local environment variables to uncover privilege escalation opportunities. It identifies common misconfigurations — such as unquoted service paths, weak permissions, and exposed credentials — and maps lateral movement paths using active sessions, trust relationships, and shared resources. These findings are flagged for potential exploitation, enabling the next stage of the attack to proceed without requiring direct operator involvement.

 

Figure 5. The AI-powered Adversary: Attack Vectors

5. Obfuscation

Attackers use obfuscation to conceal their intent and evade detection by disguising malicious code, commands, and communications. Techniques like payload encoding, string manipulation, use of trusted system binaries (LOLBins), and encrypted C2 traffic make it difficult for defenders to trace actions or identify threats through static signatures or behavioral analysis. This is exemplified in C2 obfuscation attacks, where real-time mutation and concealment tactics create a dynamic, stealthy attack surface that challenges traditional security tools and investigative workflows.

 

Figure 6. The AI-powered Adversary: Obfuscation

6. Data Exfiltration

The platform stages targeted data locally to avoid detection during aggregation, minimizing noisy file access patterns that could trigger alerts. It compresses and encrypts the payload before transfer, storing it in temporary directories or user-level folders to blend with normal activity. Exfiltration is performed using low-visibility protocols designed to bypass traditional data loss prevention (DLP) and network monitoring tools. This allows data to exit the environment under the radar of standard detection mechanisms.

AI for Defense: From Agentic Triage to Intelligent Response with Charlotte AI 

While adversaries automate attack chains, defenders have their own force multiplier: Charlotte AI, an agentic security analyst embedded across the Falcon platform that offloads time-intensive tasks with user-defined autonomy.

Phase 1: Adversarial Detection Analysis with Charlotte AI

Every intrusion begins with a signal: an action by an adversary that deviates from normal activity, whether it is launching a script, establishing a foothold, or probing internal systems. These behaviors may appear benign in isolation but often indicate a broader, coordinated attack.

In this simulation, CrowdStrike Falcon® Insight XDR generates an alert related to nvzyozpj.exe, which is traced back through a complex process tree to initial execution via explorer.exe and python.exe. Upon investigation, this alert has been classified as a high-severity incident associated with the PoisonIvy malware family, with observed C2 activity targeting a suspicious domain.

The process tree visualization helps the analyst quickly understand the propagation path, highlighting disk operations, library loads, and network connections at each node. This kind of clarity is critical for determining blast radius and pinpointing lateral movement potential.

Figure 7. The AI-powered Defender: CrowdStrike Falcon Insight XDR Detection Process Tree

Once the analyst has a clearer understanding of the initial detection and its surrounding context, the next step is determining how to prioritize it among potentially hundreds of other alerts competing for attention.

Charlotte AI Detection Triage

The Charlotte AI Detection Triage capability prioritizes and contextualizes detections based on threat severity, adversary behavior, and blast radius. Using real-time threat activity from the Falcon platform and the triage expertise of CrowdStrike Falcon® Complete Next-Gen MDR, Charlotte AI scores and summarizes detections, groups related activity, and surfaces those that pose the greatest risk. 

With an adversary’s attempted intrusion, Charlotte AI could assign high confidence to a detection based on suspicious command-line arguments, uncommon file paths, or atypical parent-child process relationships. Conversely, it may deprioritize alerts when the behavior aligns with known benign activity, such as PowerShell executing from its default Windows directory under standard processes like explorer.exe. This triage streamlines investigations, offloads time-intensive work, and reduces alert fatigue by filtering out noise and highlighting actionable insights.

 

Figure 8. The AI-powered Defender: CrowdStrike Charlotte AI Detection Triage

Charlotte AI Agentic Response

To enhance and accelerate incident response, Charlotte AI Agentic Response steps in as a powerful investigative partner. It autonomously interprets the context of the detection and recommends high-value investigative questions that mirror the intuition of seasoned analysts. For instance, it may prompt: “Is nvzyozpj.exe digitally signed by a trusted vendor?” or “What other systems has this file been executed on recently?” These intelligent, guided prompts reduce analysis time and cognitive load by helping the analyst navigate toward the root cause or risk vector with surgical precision. Instead of relying solely on manual query logic or threat hunting heuristics, analysts benefit from Charlotte AI’s ability to adaptively reason through the data in real time.

Figure 9. The AI-powered Defender: CrowdStrike Charlotte AI Agentic Response

With the most critical alerts now surfaced, the analyst can shift their focus to deeper forensic analysis — especially in cases where command-line activity may reveal attacker intent or execution techniques that are not immediately visible in standard telemetry.

Charlotte AI Command Line Analysis

Charlotte AI interprets complex command-line activity to uncover signs of malicious behavior that might otherwise go unnoticed. In this intrusion, it flags an executable located in a temp folder (C:\Users\NAIL-FROG-dt\AppData\Local\Temp\tmp06vet884\nvzyozpj.exe), a location frequently abused by malware, and notes that the randomized filename is designed to evade signature-based detection. By breaking down these characteristics and explaining them in plain language — such as highlighting the use of temporary directories and obfuscated file names — Charlotte AI enables analysts to quickly assess whether the behavior is consistent with known threats and take appropriate action.

 

Figure 10. The AI-powered Defender: CrowdStrike Charlotte AI Command-Line Analysis
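The signals described under Detection Triage and Command Line Analysis above (execution from a temp directory, a randomized filename, an atypical parent-child relationship) can be combined into a simple score. This is an added example, not CrowdStrike's or Charlotte AI's logic; the weights, threshold, interpreter list and parent paths are assumptions, and the events are constructed around the path quoted in this post.

```python
import re
from ntpath import basename, dirname  # parse Windows paths on any OS

# Assumed weights and threshold for illustration; tune against your own telemetry.
WEIGHTS = {"temp_dir": 30, "py_tempdir": 15, "random_name": 25, "interp_parent": 30}
THRESHOLD = 60

TEMP_DIR = re.compile(r"\\(appdata\\local\\temp|windows\\temp)(\\|$)", re.I)
# Python's tempfile module names directories "tmp" + 8 chars from [a-z0-9_].
PY_TEMPDIR = re.compile(r"^tmp[a-z0-9_]{8}$")
INTERPRETERS = {"python.exe", "pythonw.exe", "powershell.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}


def looks_random(stem: str) -> bool:
    """Crude test: lowercase letters only, very few vowels.

    It also fires on legitimate names such as "svchost", which is why
    this signal never decides the priority on its own.
    """
    if not re.fullmatch(r"[a-z]{6,}", stem):
        return False
    vowels = sum(ch in "aeiou" for ch in stem)
    return vowels / len(stem) < 0.2


def triage(event: dict) -> dict:
    """Score one process-start event and list the signals that fired."""
    image = event["image"]
    folder = dirname(image)
    name = basename(image).lower()
    stem = name.rsplit(".", 1)[0]
    parent = basename(event["parent_image"]).lower()

    reasons = []
    if TEMP_DIR.search(folder):
        reasons.append("temp_dir")
    if PY_TEMPDIR.match(basename(folder)):
        reasons.append("py_tempdir")
    if looks_random(stem):
        reasons.append("random_name")
    if parent in INTERPRETERS and name not in INTERPRETERS:
        reasons.append("interp_parent")
    score = sum(WEIGHTS[r] for r in reasons)
    return {"image": image, "score": score, "reasons": reasons,
            "priority": "high" if score >= THRESHOLD else "low"}


# Constructed events: the first uses the image path quoted in this post with an
# assumed python.exe parent; the second is the benign PowerShell case.
SAMPLE_EVENTS = [
    {"image": r"C:\Users\NAIL-FROG-dt\AppData\Local\Temp\tmp06vet884\nvzyozpj.exe",
     "parent_image": r"C:\Python\python.exe"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(triage(ev))
```

None of the four signals depends on a file hash, so the score is unchanged when the same payload is recompiled into a new executable.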

With the initial detection analyzed and enriched using Charlotte AI's investigative capabilities, the analyst now has a comprehensive understanding of the threat, including its origin, behavior, and potential risk. The next step is activating adaptive defense: translating this enriched context into decisive action across the response workflow. Phase 2 explores how Charlotte AI shifts from contextual analysis to orchestration, accelerating containment, remediation, and continuous improvement with agentic capabilities.

Phase 2: Countering AI-powered Adversaries with Charlotte AI

From our initial detection, we can activate a Charlotte AI Agentic Workflow using CrowdStrike Falcon® Fusion SOAR. This invokes a foundational model to guide the analyst through triage, judgment, and subsequent containment with contextual intelligence and decision support.

This process unfolds through a series of structured, intelligent phases that balance automation with human oversight:

  1. True Positive Validation: Before taking any action, the workflow performs signal verification to confirm the alert represents a high-confidence, high-severity threat. This step filters out false positives and ensures only meaningful signals move forward in the workflow.
  2. Automated Enrichment: Once validated, the workflow pulls in contextual data including related system activity, historical patterns, and indicators linked to known adversary behavior. This provides a more complete picture of the incident and helps inform next steps.
  3. Analyst Feedback Loop: Analysts are brought into the loop with a detailed triage summary and response recommendations. They can review, approve, reject, or modify suggested actions, maintaining oversight and injecting human judgment where it matters most.
  4. Conditional If/Then Response Execution: Based on analyst input or predefined logic, the Charlotte AI Agentic Workflow executes conditional response actions. For example:
    • If the activity is confirmed as malicious, then isolate the affected endpoint and disable user credentials.
    • If deemed benign or low risk, then log the event, monitor for recurrence, and suppress similar future alerts.

This end-to-end flow empowers defenders to investigate and respond at machine speed while keeping strategic control firmly in human hands.

For instance, given Charlotte AI's triage analysis and organizational policy, we can instruct the model to determine if network containment is justified.

  • Network Containment Logic: Based on telemetry and analyst-defined thresholds, Charlotte AI may recommend network isolation.
  • AI-crafted Justifications: LLM-powered intelligence automatically generates containment rationale using asset context and relevant reasoning, then submits it for human approval.
  • Human-in-the-Loop Enforcement: Charlotte AI provides detailed triage summaries and response recommendations directly to the SOC via Slack or email. Analysts maintain full control by reviewing and approving, or rejecting, each recommendation before action is taken. For faster response, Charlotte AI Agentic Workflows can also be configured to automatically execute actions, giving teams the flexibility to balance speed with oversight.

Even if containment is denied, Charlotte AI logs the rationale and documents it for further refinement and audit.

Figure 11. The AI-powered Defender: CrowdStrike Charlotte AI Agentic Workflow
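The four workflow phases and the human-in-the-loop gate described above can be sketched as a small decision function. This is an added example, not Falcon Fusion SOAR or Charlotte AI code; the thresholds, field names, action names, callbacks and sample detection are assumptions, and treating an unanswered approval request as a denial is a design choice added here.

```python
from dataclasses import dataclass, field
from typing import Callable


@dataclass
class Policy:
    min_confidence: float = 0.8   # assumed cut-off for a "true positive"
    min_severity: int = 70        # assumed 0-100 severity scale
    auto_execute: bool = False    # True skips the analyst approval step


@dataclass
class Outcome:
    actions: list = field(default_factory=list)
    audit: list = field(default_factory=list)  # (stage, note) for every decision


def run_workflow(det: dict, enrich: Callable, approve: Callable,
                 policy: Policy) -> Outcome:
    out = Outcome()
    # 1. True positive validation: weak signals stop here.
    if det["confidence"] < policy.min_confidence or det["severity"] < policy.min_severity:
        out.audit.append(("validation", "below threshold, no action"))
        return out
    # 2. Automated enrichment: attach context before anyone decides.
    ctx = enrich(det)
    hits = ctx["known_bad_indicators"]
    verdict = "malicious" if hits else "benign"
    proposal = {"host": det["host"], "verdict": verdict,
                "rationale": f"{len(hits)} indicator(s) on {ctx['asset_role']}"}
    out.audit.append(("enrichment", proposal["rationale"]))
    # 3. Analyst feedback loop, unless policy allows automatic execution.
    if policy.auto_execute:
        approved, note = True, "auto-executed by policy"
    else:
        try:
            approved, note = approve(proposal)
        except Exception as exc:  # fail closed: no approval, no action
            approved, note = False, f"approval unavailable: {exc}"
    out.audit.append(("approved" if approved else "denied", note))
    if not approved:
        return out  # the denial and its rationale stay in the audit trail
    # 4. Conditional if/then response.
    if verdict == "malicious":
        out.actions = ["isolate_endpoint", "disable_credentials"]
    else:
        out.actions = ["log_event", "monitor_recurrence", "suppress_similar"]
    return out


# Constructed sample detection and enrichment stub (not a vendor API).
SAMPLE = {"host": "WS-0142", "confidence": 0.93, "severity": 90}


def sample_enrich(det: dict) -> dict:
    return {"known_bad_indicators": ["c2.example.invalid"],
            "asset_role": "finance workstation"}


if __name__ == "__main__":
    deny = lambda p: (False, "host is in a change window")
    print(run_workflow(SAMPLE, sample_enrich, deny, Policy()))
```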

With containment decisions executed, either through predefined policy or human-approved action, the immediate threat is suppressed — but the investigation continues. 

Phase 3: Deobfuscating Adversarial Attack Vectors with Charlotte AI

Obfuscated payloads and evasive behaviors often conceal secondary objectives or signs of persistence that demand deeper inspection beyond initial triage. At this stage, Charlotte AI shifts from executing structured response to enabling analyst-guided, conversational forensics. Through natural language, analysts can ask targeted questions, interpret suspicious artifacts, and surface previously hidden elements of the intrusion. Charlotte AI is an active investigative partner helping deconstruct adversarial tactics and uncover the broader operational scope.

  • Real-time Payload Deobfuscation: Charlotte AI performs real-time deobfuscation of adversary scripts by decoding techniques such as string encoding, variable substitution, function aliasing, and dynamic execution. This immediate conversion of obfuscated payloads into annotated, readable code eliminates reliance on external tooling or manual reverse engineering. Since obfuscation is frequently used to delay detection and mask malicious intent, rapid interpretation is essential to reducing dwell time and enabling prompt containment. By exposing execution logic at the point of discovery, Charlotte AI accelerates the transition from visibility to action in time-sensitive investigations.

Figure 12. The AI-powered Defender: CrowdStrike Charlotte AI Conversational Deobfuscation
  • Threat-driven Promptbooks: Charlotte AI provides curated prompt collections that guide analysts through defined investigative paths during intrusions. These help trace campaign infrastructure, align activity with known adversary behavior, and anticipate likely next steps using intelligence-driven profiles. Teams can also build and maintain custom promptbooks tailored to internal processes, enabling consistent analysis across investigations. This approach ensures investigations stay focused, efficient, and adaptable to evolving threats.
Figure 13. CrowdStrike Charlotte AI Threat-Driven Promptbooks
  • Custom Detection Query Writing: Charlotte AI translates natural language input into Falcon queries, enabling rapid detection logic generation without requiring deep familiarity with query syntax. Analysts can quickly surface signals related to RMM tools, credential access, lateral movement, and persistence techniques across the environment. This capability accelerates threat hunting and validation, reduces dependency on static detection libraries, and allows for real-time iteration as new findings emerge.
Figure 14. CrowdStrike Charlotte AI Custom Detection Query

From initial detection to post-containment analysis, this simulation demonstrated what a modern, AI-assisted investigation looks like in practice — and where defenders gain decisive advantages across speed, scale, and decision support. And while this scenario demonstrated key capabilities, it represents only a portion of what Charlotte AI brings to real-world operational environments.

Lessons Learned: The Stakes and the Path Forward 

This simulation leads to an urgent question: What do defenders need to win in this new cyber battlefield?

Adversaries are already leveraging AI to industrialize attacks, lower the skill barrier, accelerate execution, and slip past traditional defenses with ease. The threat isn’t theoretical — it’s operational, and it’s moving fast.

The answer doesn’t lie in better tools alone but in scaling human expertise at machine speed. Automation alone can’t grasp nuance, intent, or ground truth quite like human experts can. But human judgment alone can’t match the scale or velocity of the AI-powered adversary. 

In the AI era, the side that best aligns human insight with machine intelligence will dominate the cyber battlefield.

Additional Resources

1. CrowdStrike 2025 Global Threat Report

2. arXiv, Evaluating Large Language Models’ Capability to Launch Fully Automated Spear Phishing Campaigns: Validated on Human Subjects, 2024