Unmasking Agentic Cyberattacks: Powerful Ways Exeon.NDR Transforms Detection 

Introduction: When AI Agents Turn Malicious 

In November 2025, Anthropic reported a cyber-espionage campaign in which an AI-agent framework (using the company’s “Claude Code” tool) carried out most of the attack workflow—autonomously executing reconnaissance, exploitation, credential theft and exfiltration with minimal human intervention. 

This is a textbook example of Agentic Cyberattacks: operations where AI agents chain tasks, call tools and adapt to response in near real time. At first sight, this attack scenario presents novel detection challenges: high-speed operations, modular task breakdown, minimal human presence, and use of AI-orchestrated tools.  

However, on a closer look a different picture appears. While the “brain” of the attack is new, the network traces it leaves behind still follow patterns that advanced Network Detection and Response (NDR) platforms are built to spot. Exeon.NDR can use behavioral baselines, rich metadata and graph-based models to detect these AI-driven campaigns across their entire lifecycle. 

In this blogpost, we explore how a network-centric approach can unmask Agentic Cyberattacks, how Exeon.NDR would map onto the Anthropic-style scenario, and what security teams can do today to operationalize this detection. 

What are Agentic Cyberattacks? 

Agentic Cyberattacks are campaigns in which AI agents control large parts of the attack chain: planning steps, calling tools, checking results and deciding what to do next. Instead of one script or one exploit, you face a flexible “orchestrator” that can adapt to the environment. 

From Traditional Malware to AI Agents

Traditional attacks often look like this: 

• Human operator choses a target 

• Tools perform scanning and exploitation 

• Scripts or malware run fixed playbooks 

• Operator adjusts the plan when something breaks 

In Agentic cyberattacks, that middle part is automated by an AI Agent. It can: 

• Break work into modular subtasks (scan, exploit, move, exfiltrate) 

• Call tools like scanners and password crackers through APIs 

• Read output logs and choose the next action 

• Optimize for speed and stealth with minimal human input 

The result is an attack that can “think” and iterate quickly once unleashed 

Key Properties of Agentic Operations 

Agentic cyberattacks typically show: 

• High speed: many steps completed in minutes, not days 

• Modularity: small, focused tasks chained together 

• Low human touch: humans only at key decision points 

• Tool centric execution: heavy use of scanners, exploit kits and scripts 

• Consistency: patterns repeat across many targets in a campaign 

From a defensive point of view, this means you must track behavior patterns, not just signatures for one specific malware file. 

Case Study: The Anthropic AI-Agent Espionage Campaign 

Anthropic’s public disclosure describes an adversary that used an AI agent to carry out roughly 80 – 90% of a cyber-espionage campaign, with only 4-6 points where a human operator stepped in. 

You can read their write-up here: 
Disrupting the first reported AI-orchestrated cyber espionage campaign \ Anthropic

High Level Workflow of the Campaign 

According to the disclosure, the AI Agents: 

• Reconnoitered about 30 global targets 

• Identified high-value systems 

• Wrote and refined exploit code 

• Harvested credentials and moved laterally 

• Set up backdoors and exfiltrated data 

• Produced documentation for the human operator 

All of this was driven by increased model capability, agentic task chaining and access to powerful tools. 

Why this Campaign Matters for Defenders 

For defenders, the important point is not just that AI was involved. It’s that: 

• The attack was faster and more persistent 

• Much of the activity followed repeatable patterns across multiple targets 

• The human operator could manage a wider campaign with less effort 

This kind of campaign is likely to appear again. So, the key question is: Can our current tools detect such behavior early enough? 

Why Network-Centric Detection Still Works 

Despite all the sophistication in the “brain” of Agentic Cyberattacks, they still need to move through networks, touch endpoints, look up domains and transfer data. Every one of those steps leaves metadata behind. 

Comparing Network Detection and Response (NDR) to Endpoint and Signature-Based Tools 

Many organizations still lean heavily on: 

• Signature-based tools (IDS/IPS, AV): great for known patterns, but weak against novel attack chains 

• Endpoint tools (EDR/XDR): strong on host-telemetry but can miss lateral movement in unmanaged or legacy devices and may have blind spots in OT or cloud. 

By contrast, NDR focuses on: 

• Network flows and communication patterns 

• DNS, proxy and cloud access metadata 

• Relationship between devices, accounts and services 

This makes NDR well suited to spot: 

• Unusual peer patterns 

• New external connections 

• Sudden jumps in data volume 

• Abnormal use of protocols and ports 

Where Exeon.NDR fits 

Exeon.NDR focuses on: 

• Metadata-centric detection rather than payload inspection 

• Unsupervised machine learning to baseline “normal” behaviour  

• Supervised models to detect known anomaly patterns 

• Graph-based modelling of hosts, flows and peer groups 

This combination is ideal for uncovering the kind of fast, modular, low-footprint workflows seen in Agentic Cyberattacks. 

Phase-by-Phase Detection of Agentic cyberattacks with Exeon.NDR 

Below is a walk-through of how the Exeon.NDR system could detect a campaign similar to the Anthropic case, step by step 

Phase 1: Target selection & reconnaissance 

The AI agent begins external enumeration of assets: scanning domains, performing DNS enumeration, probing services. 

Metadata signals: unusual high-volume DNS queries from an internal or external host; new connections from previously unseen external IPs; set of long-tail domain name lookups or domain-generation-algorithm (DGA)-style names. 

Unsupervised ML baseline detects anomalies, e.g., an unusually high number of distinct DNS queries from a host in a short time window; supervised models flag potential DGA activity. 

Immediate detection alert: Multiple DNS based alerts and based on the attack profile, scanning/recon activities 

Phase 2: Attack-surface mapping & exploit development 

The AI agent identifies vulnerabilities, writes exploit code, and perhaps tests them via small probes. 

Metadata signals: internal host contacting many other internal systems or sub-nets it has never communicated with; use of uncommon protocols or ports; longer-than-usual connection durations or many short link attempts. 

Exeon’s graph modelling can highlight new peer relationships or device clusters that previously had no communication path. 

Detection: “Host A now communicates with devices never seen before in peer group”; “Device initiates many short sessions across internal networks”. 

Phase 3: Credential harvesting & lateral movement 

The AI agent exploits credentials, moves laterally, and escalates privileges. 

Metadata signals: a compromised host initiating sessions to many other hosts in a rapid sequence; authentication events for privileged accounts from unusual machines; internal-to-internal flows with anomalous volumes. 

Exeon’s unsupervised ML picks up anomalies in internal peer-group behaviour, and supervised detections may flag “many-to-many internal sessions from one host” or “administrative protocol from endpoint”. 

Detection: “Lateral movement suspected — host A acting as a new pivot node”. 

Phase 4: Data aggregation & exfiltration 

The AI agent selects high-value data, aggregates it, perhaps compresses or encodes it, and exfiltrates. 

Metadata signals: internal hosts suddenly send higher-than-normal upload volumes; connections from internal device(s) to uncommon external destinations; use of cloud storage or zero-trust services not typically used; flow volumes/times inconsistent with historical baseline. 

Exeon’s graph database ties internal host → internal host → external endpoint chain and risk-scores it. 

Detection: “Potential exfiltration — large upload from internal hosts to external endpoint”; “new external peer for device cluster”. 

Phase 5: Documentation / hand-off & evasive cleanup 

The AI agent produces documentation of the attack and perhaps logs are cleaned up; human operator takes over or moves to next target. 

Metadata signals: internal documentation systems accessed by devices that don’t normally use them; mass deletion or modification of logs; unusual out-of-hours administrative access; legacy/unused host suddenly active. 

Exeon’s metadata baseline detects these deviations; the incident correlation tool shows the full chain. 

Detection: “Unusual host behaviour/access pattern detected; tied to preceding lateral/exfil events”. 

Strengths of Exeon.NDR in detecting agentic cyberattacks 

Because Agentic cyberattacks are fast and modular, detection must be based on behaviour rather than static indicators. Here, Exeon.NDR offers several advantages. 

Metadata-First Analytics in an Encrypted World 

Attackers often rely heavily on encryption, VPNs, and secure tunnels. Traditional payload inspection loses visibility in such an environment 

Exeon.NDR focuses on: 

• Flow metadata (source, destination, ports, volumes, timing) 

• DNS queries and responses 

• Proxy and cloud service logs 

This means that even if the content is hidden, the shape of the communication can still be analyzed. For Agentic cyberattacks, were patterns of rapid, modular activity are key, this metadata is often enough to detect something is wrong 

Graph-Based Modelling and Peer Relationships 

Exeon.NDR builds a graph of: 

• Devices, users and services 

• The relationships between them (who talk to whom, how often and when) 

When an AI agent starts exploring, pivoting and exfiltrating, this graph changes: 

• New edges appear between devices that never communicated before 

• Certain nodes become “hubs” of suspicious activity 

• Clusters form around compromised segments 

Graph-based modeling allows Exeon.NDR to surface these changes quickly, making it easier to see how Agentic cyberattacks progress through your environment. 

Operationalizing Detection in the SOC 

Technology alone isn’t enough. To effectively detect Agentic cyberattacks, SOC teams need to integrate Exeon.NDR into everyday workflows. 

Building Full-Network Visibility 

Organizations should ensure that the following data is ingested in Exeon.NDR: 

• Flow logs (NetFlow/IPFIX, cloud flow logs) 

• DNS logs (internal resolvers, forwarders) 

• Proxy and firewall logs 

• Cloud access logs and key SaaS telemetry 

• Internal peer flows, were available (for data centers and east-west traffic) 

The broader the coverage, the easier it is for Exeon.NDR to detect and correlate the entire attack chain. 

Tuning Baselines in a Changing Environment 

Unsupervised ML relies on accurate baselines. When the environment changes, for example, during a cloud migration, major SaaS deployment or office move, you should: 

• Revisit baselines for key segments and device groups 

• Communicate planned changes to the SOC so short-term anomalies are understood 

• Use Exeon.NDR’s tuning options to prevent noise while still catching real issues 

This ensures to be able to distinguish between genuine Agentic cyberattacks and harmless business changes. 

Integrating Exeon.NDR Alerts into IR Workflows 

For maximum value: 

• Feed Exeon.NDR alerts into your SIEM or SOAR platform 

• Enrich alerts with context: device role, owner, peer relationship, previous incidents 

• Define clear playbooks for recon, lateral-movement and exfiltration alerts 

• Automate initial steps (for example, isolating suspicious hosts or blocking outbound connections) where your risk appetite allows 

This shortens the gap between detection and response, which is critical when AI agents can move quickly. 

Best-Practice Checklist for Defenders 

Here is a concise checklist to improve resilience against Agentic cyberattacks using Exeon.NDR: 

• Ensure full visibility across on-prem, cloud and remote networks 

• Ingest DNS, flow, proxy and cloud logs into Exeon.NDR 

• Maintain and review baselines, especially after major changes 

• Use both unsupervised and supervised detections, don’t rely on signatures alone 

• Integrate alerts into SOC workflows and automate were sensible 

• Run simulations of AI-style campaigns and tune based on findings 

• Combine NDR with endpoint, identity and cloud security controls 

• Focus on risk-scoring and alert fusion to handle high anomaly volumes 

Conclusion 

The escalation of AI-agent-orchestrated cyber-attacks, such as the campaign disclosed by Anthropic, emphasizes the need for advanced detection methods. A platform like Exeon.NDR, which operates on network metadata, uses both supervised and unsupervised machine learning, models peer/flow graphs, and delivers cross-source incident correlation, is well-positioned to detect the modular, high-speed, low-footprint workflows characteristic of such attacks. 

While no single tool guarantees detection of all attacks, by combining full-network visibility, anomaly detection and incident correlation, defenders can significantly reduce attacker dwell time and improve their resilience to the next generation of AI-driven threats.