# Sophos uncovers AI-powered malware lab built for EDR evasion

> Source: <https://www.helpnetsecurity.com/2026/06/02/ai-agents-edr-evasion-techniques/>
> Published: 2026-06-02 10:13:37+00:00

A threat actor used AI technologies to build a malware-testing framework for developing and refining endpoint detection and response (EDR) evasion techniques, according to Sophos. The investigation began after an anomalous endpoint in a customer environment triggered alerts tied to malicious payloads originating from a testing directory. The files pointed to a broader framework focused on evading detection. The environment contained Cobalt Strike profiles designed to disguise beacon traffic as legitimate web requests, a Telegram-based …

The post [Sophos uncovers AI-powered malware lab built for EDR evasion](https://www.helpnetsecurity.com/2026/06/02/ai-agents-edr-evasion-techniques/) appeared first on [Help Net Security](https://www.helpnetsecurity.com).
