They're outsmarting defenses. AI-enabled polymorphic malware rewrites itself to evade detection -- and even to slip from the grasp of remediation efforts.
Just as AI is accelerating attack efforts, it's also helping defenders find and stop threats that are escalating in volume, scale, and sophistication. Security teams could use the help. A recent study found cybersecurity resources aren't keeping pace with threat levels, with budget growth slowing from 17% in 2022 to just 4% in 2025.
The good news is that AI enhancements to existing defenses are helping teams do more in less time, alleviating much of the manual work associated with identifying and investigating threats, and even stopping threats before they can do damage.
Here are a few of the AI-enabled defenses that security teams can deploy today.
Stopping LOTL attacks. Living off the land (LOTL) attacks can be especially difficult to sniff out since they use legitimate operating system tools as cover for nefarious activity and leave few traces behind. But what if security teams had a way to detect unusual use of those otherwise legitimate tools? Enter Adaptive Protection, an AI-enabled feature of Symantec Endpoint Security Complete (SES-C). Adaptive Protection monitors an organization's typical use of software and utilities, and then automatically flags behavior that falls outside that normal use.
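The baseline-then-deviation idea behind that kind of detection, as an added illustration that is not Symantec's code or data model: learn which parent processes routinely launch dual-use OS utilities from constructed process-creation telemetry, then flag executions of those utilities whose parent has not been seen doing so before. The host names, process names, and `min_count` threshold are all assumptions for the example.

```python
from collections import Counter

# Dual-use OS utilities commonly seen in living-off-the-land activity
# (illustrative list for this example, not Symantec's own catalogue).
LOTL_BINARIES = {"powershell.exe", "cmd.exe", "certutil.exe", "wmic.exe",
                 "mshta.exe", "rundll32.exe", "bitsadmin.exe"}

# Constructed process-creation telemetry: (host, parent_image, child_image).
BASELINE_EVENTS = [
    ("ws01", "explorer.exe", "powershell.exe"),
    ("ws01", "explorer.exe", "powershell.exe"),
    ("ws01", "explorer.exe", "cmd.exe"),
    ("ws02", "explorer.exe", "cmd.exe"),
    ("ws02", "sccm_agent.exe", "powershell.exe"),
    ("ws02", "sccm_agent.exe", "powershell.exe"),
    ("ws02", "sccm_agent.exe", "powershell.exe"),
    ("ws03", "explorer.exe", "certutil.exe"),  # one-off: too rare to count as normal
]

NEW_EVENTS = [
    ("ws01", "explorer.exe", "powershell.exe"),    # matches the learned baseline
    ("ws01", "winword.exe", "powershell.exe"),     # Office spawning PowerShell: never seen
    ("ws04", "sccm_agent.exe", "powershell.exe"),  # new host, but a known org-wide pattern
    ("ws02", "explorer.exe", "certutil.exe"),      # seen only once before, below threshold
    ("ws02", "explorer.exe", "notepad.exe"),       # not a LOTL binary: ignored
]

def build_baseline(events, min_count=2):
    """Learn which parent processes routinely launch each LOTL binary, org-wide.
    A (parent, child) pair seen fewer than min_count times is not trusted as normal."""
    counts = Counter((parent.lower(), child.lower())
                     for _host, parent, child in events
                     if child.lower() in LOTL_BINARIES)
    return {pair for pair, n in counts.items() if n >= min_count}

def flag_deviations(events, baseline):
    """Return LOTL-binary executions whose (parent, child) pair is outside the baseline."""
    flagged = []
    for host, parent, child in events:
        pair = (parent.lower(), child.lower())
        if pair[1] in LOTL_BINARIES and pair not in baseline:
            flagged.append({"host": host, "parent": parent, "child": child,
                            "reason": f"{parent} does not normally launch {child}"})
    return flagged

if __name__ == "__main__":
    for hit in flag_deviations(NEW_EVENTS, build_baseline(BASELINE_EVENTS)):
        print(hit)
```

Raising `min_count` trades missed one-off deviations for fewer alerts on rare-but-legitimate administrative use; a production system would also baseline per host, user, and time window rather than org-wide only.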
Predicting and stopping an attacker's next moves. Attackers chain together various tactics, techniques, and procedures (TTPs) to evade detection and infiltrate an environment. But a new capability is changing all that. Incident Prediction, another exclusive feature of SES-C, leverages AI to identify and disrupt LOTL and other attacks before damage can occur. Trained on a catalog of more than 500,000 attack chains, Incident Prediction predicts attackers' behaviors, prevents their next move in the attack chain, and quickly returns the organization to its pre-attack state.
Automatically initiating threat analysis. Attackers aren't the only ones using agentic AI. SymantecAI, another feature of SES-C, musters numerous AI agents to respond to queries by engaging virtually all of Symantec and Carbon Black's threat intelligence and other data to analyze threats. The assistant can automatically activate internal threat analysis tools to get answers and surface insights that help security professionals decide what to do next.
Saving analysts hours, even days of time. SES-C also features incident summaries that use AI to sift through all the various events associated with an incident to produce a summary that analysts can consume in as little as a few seconds. The summaries include a well-written, easily understood narrative of the incident, followed by an array of details that reveal insights on an attack as it may be unfolding and guide analysts on a course of action.
Speeding remediation. Process trees are great, but they don't show the relationships between entities involved in an attack chain. Threat Tracer, a new feature of Carbon Black Enterprise EDR, relies on a foundation of machine learning-curated alerts to produce a dynamic visual map of attacks that can accelerate remediation.
Reducing false positives. A new enhancement to Carbon Black Cloud taps Google Gemini models to determine if a false positive (FP) is really an FP. This saves considerable time that would otherwise go toward sifting out FPs from true positives.
Providing answers even novices can understand. AI-enabled natural language processing (NLP) lets users ask questions using any wording they choose and get accurate, properly constructed Lucene query expressions in return. Now less experienced analysts can participate and contribute during investigations.