The AI Threat You Aren’t Seeing Is Already in Your Environment
…and by the time it surfaces in your TDIR stack, the window to get ahead of it has already closed

By Bruce Johnson, Vice President, Solutions, and Dr. Jason Green, Solutions Engineer

Over the past month, we’ve sat across from a variety of cybersecurity leaders and asked them a single question: “How many of you have detected AI-driven threat activity against your attack surface in the last 90 days?” 

So far, very few hands have gone up. That answer should not be reassuring. It should be the most alarming data point in your week. 

Here’s why. At TekStream, we’ve been running a proactive, AI-focused deception engineering capability, powered by our Cosmos platform, inside our customer environments. The pattern we’re seeing is uncomfortably consistent and worth calling out. Across our ecosystem, every deployment is surfacing corroborated, high-confidence agentic activity within its first weeks of operation. Not single-decoy hits, but sustained patterns that clear our cross-axis confidence threshold.

The gap between what the field believes is happening and what we are measuring is what we want to share, and it’s the gap TekStream Proactive Cyber Defense was built to close. Proactive Cyber Defense is the operational service we deliver across our customers’ existing security environments. It’s powered by Cosmos, our Cyber Defense intelligence platform, but it isn’t a platform in isolation. It’s expert-operated, continuously improving defense that sits alongside the MDR, SIEM, XDR, cloud, identity, and endpoint investments you already have. No rip-and-replace, no platform lock-in. The point is to extend the work your SOC is already doing into the operational space before the ticket gets opened. 

Operationally, that means engaging the adversary across the full risk continuum: 

  • Projected risk: the exposures and attack paths an adversary could target. The service surfaces and prioritizes them continuously, before anyone interacts with them. Traditionally this would be covered in Risk and Adversary Intelligence efforts. 
  • Observed risk: what the adversary is actively probing. This is where Cosmos’s adaptive deception lives, and where the data above is coming from. This is essentially dynamic adaptive deception, an AI-Trap. 
  • Realized risk: what’s already executing in your environment. Detection logic synthesized from observed adversary behavior flows into your existing SIEM, MDR, and XDR, and feeds the incident response and remediation workflows your team already operates; essentially continuous threat detection and incident response (TDIR). 

If you’re relying on traditional threat detection, investigation, and response to get ahead of an AI-driven threat, you’re too late by design. Most of us have already acknowledged that, especially after the recent Mythos disclosures. The response to AI threats can’t be piecemeal, and it can’t wait on a search traversing 20 billion+ rows to separate signal from noise. It has to engage the adversary early and continuously: before exposure translates into opportunity, during active probing, and through to remediation. Proactive Cyber Defense is how we deliver that today, across whatever security stack you already operate.

Why CISOs might not be seeing this on their own surfaces 

When we share our findings, the most common reaction is some version of: “If this were happening to us, we’d know.” Respectfully, I’m not sure that’s true, and the reason has nothing to do with the talent of your SOC analysts. 

The typical detection stack isn’t yet designed to label this. EDR, SIEM, NDR, and identity tooling fire on tactics we’ve trained them to recognize. “This session behaves like an autonomous agent” is not a TTP. It’s a behavioral fingerprint, and the analytical discipline for recognizing it, AI Behavior Analytics (AIBA), is still being built. AIBA sits parallel to UEBA and NTBA, asking a different question: not who the user is or what the network is doing, but whether the entity on the other end of the session is reasoning. It sits orthogonally to the indicators most platforms surface. It isn’t simply a matter of velocity or sophistication, although those are relevant. There are distinct behavioral signatures that identify an attack as AI-driven, and we’re busy gathering those across the deployments running in the service today. The activity is almost certainly hitting your sensors, it just isn’t being named. 

Your production surface is also too noisy to see the signal cleanly. Legitimate automation, scripted workflows, and routine user behavior camouflage AI-driven activity. A purpose-built deception surface inverts that problem: by default, any interaction is suspicious, which is why Cosmos can corroborate AI activity in minutes that production telemetry might not surface for weeks. 

That inversion is what makes deception engineering a measurement instrument, not just a defense tool. Two mechanisms drive it. The first is breadcrumbing: lure artifacts deployed in production that are invisible to legitimate users and irresistible to enumeration with adversarial intent. The second is adaptive decoy environments that respond to the actor’s actions in real time. Breadcrumbing acquires the adversary; adaptive decoys characterize them. Without both, you’re running passive honeypots and hoping. 

In an AI-driven deception platform, the AI is dynamic. It’s focused on the depth and reactivity required to detect AI-based attacks, rather than the static, deterministic behavior of traditional honeypots. We assume the ways AIs detect a deceptive environment will be varied, and one of those dimensions is the static, deterministic nature of the traffic and the platform itself. Cosmos is built specifically against that assumption. 

And the industry is still framing all of this in the future tense. Vendor decks, analyst reports, and keynotes continue to describe AI-enabled threats as emerging. That framing is itself a vulnerability. It gives security organizations permission to treat the category as a 2027 problem. Our data says 2027 arrived quietly sometime last year. We’ve been building toward this across MROC, Cosmos, and detection engineering long before the recent industry attention on Mythos forced everyone else to take it seriously. 

What AI-driven activity actually looks like 

We should be specific, because the worst version of this conversation is hand-waving about AI threats without describing what we’re actually seeing. Across the Cosmos cohort, the signal clusters around four behaviors. 

Machine-speed reconnaissance with non-human cadence. Enumeration patterns that no operator would produce by hand: parallelized, rate-controlled to evade naive thresholds, and timed in ways that suggest scheduling logic rather than a human at a terminal. This pattern typifies script-driven automation as well, so on its own it isn’t a high-confidence indicator. It’s a starting point that has to be corroborated. 

Adaptive engagement with decoys. Sessions that pivot: they probe a decoy, get a response, and adjust their next action based on what the response implied. More importantly, when the decoy environment itself shifts in response to the actor’s behavior, the actor reasons about the shift rather than treating it as noise. That isn’t a scanner. That’s something reasoning about an environment in real time. 

Natural-language artifacts with generative-model fingerprints. Phishing payloads, command sequences, and social engineering content carrying the stylistic and structural markers of LLM-generated text, at volume, with personalization no human campaign would invest in for a low-value target. 

Context-aware credential probing. Credential testing that adapts to the responses it receives, with response-dependent behavior that suggests agentic orchestration rather than brute force. 

Any one of these in isolation could be argued away. The combination, observed daily, across every customer in the cohort, cannot. 

Aren’t you just measuring scanner noise on decoys?

This is the most thoughtful objection we hear from CISOs, and it deserves a direct answer. Cosmos does not label activity AI-driven because a session tripped a decoy. We measure attack volume and velocity, of course, but a high-confidence label requires corroboration across four axes (Behavioral, Environmental, Cross-cohort, and Causal), with multiple sources backing each classification. That source pool grows as threat-list providers adopt AI-threat classifiers of their own. 

Single-decoy hits do not corroborate. The activity we’re describing does, which is why every customer clears the threshold, every day, multiple times a day. 
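As an added illustration (not Cosmos code and not TekStream’s scoring logic), the Python below scores constructed decoy-interaction records along the lines of the two passages above: a cadence check for the non-human timing described under machine-speed reconnaissance, which on its own never produces a label, and a corroboration step that labels a source only when several independent axes agree, so that a single-decoy hit never clears the bar. It models three of the four axes named above (behavioral, environmental, cross-cohort); the causal axis is not modeled, and the 0.15 cadence threshold, the two-axis minimum, the tenant names, addresses and decoy ids are all assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed decoy-interaction records (not real telemetry):
# (tenant, source, epoch_seconds, decoy_id)
EVENTS = [
    # 10.0.0.5: fixed 2-second cadence, three decoys, seen in two tenants
    ("tenant-a", "10.0.0.5", 1000.0, "fileshare-01"),
    ("tenant-a", "10.0.0.5", 1002.0, "fileshare-01"),
    ("tenant-a", "10.0.0.5", 1004.0, "admin-portal"),
    ("tenant-a", "10.0.0.5", 1006.0, "svc-account"),
    ("tenant-b", "10.0.0.5", 2000.0, "fileshare-02"),
    ("tenant-b", "10.0.0.5", 2002.0, "admin-portal"),
    # 10.0.0.7: human-like jitter, two decoys, one tenant
    ("tenant-a", "10.0.0.7", 1000.0, "fileshare-01"),
    ("tenant-a", "10.0.0.7", 1017.0, "fileshare-01"),
    ("tenant-a", "10.0.0.7", 1021.0, "admin-portal"),
    ("tenant-a", "10.0.0.7", 1090.0, "admin-portal"),
    # 10.0.0.9: a single-decoy hit
    ("tenant-a", "10.0.0.9", 1500.0, "svc-account"),
]

def cadence_cv(times):
    """CV of inter-arrival gaps: ~0 is machine-regular; None if fewer than 3 gaps."""
    gaps = [b - a for a, b in zip(times, times[1:])]
    if len(gaps) < 3 or mean(gaps) <= 0:
        return None
    return pstdev(gaps) / mean(gaps)

def assess(events, cv_max=0.15, min_axes=2):
    """Map each source to (axes_met, label); 'corroborated' needs min_axes axes."""
    by_src = defaultdict(list)
    for tenant, src, ts, decoy in events:
        by_src[src].append((tenant, ts, decoy))
    result = {}
    for src, rows in by_src.items():
        sessions = defaultdict(list)           # one session per tenant
        for tenant, ts, _ in rows:
            sessions[tenant].append(ts)
        cvs = [cadence_cv(sorted(t)) for t in sessions.values()]
        axes = set()
        if any(cv is not None and cv <= cv_max for cv in cvs):
            axes.add("behavioral")             # non-human cadence
        if len({d for _, _, d in rows}) > 1:
            axes.add("environmental")          # more than a single-decoy hit
        if len(sessions) > 1:
            axes.add("cross-cohort")           # same actor across tenants
        label = "corroborated" if len(axes) >= min_axes else "uncorroborated"
        result[src] = (axes, label)
    return result
```

Calling `assess(EVENTS)` labels only 10.0.0.5 as corroborated; the jittery two-decoy source and the single-decoy hit each fall short of the axis minimum.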

How Proactive Cyber Defense operationalizes the findings 

Continuous defense in this model isn’t a separate paradigm. It’s an operational overlay that sits across the security stack you already operate, organized around four interlocking pillars. 

Risk and Adversary Intelligence continuously maps attack paths and prioritizes exploitable exposure across cloud, identity, endpoint, infrastructure, and application layers. With our MROC and vulnerability analyses, that mapping extends to AI-specific exposure: what an adversary could target, surfaced before they get the chance. This pillar operates against projected risk. 

Adaptive Deception, the Cosmos capability behind the data above, combines breadcrumbed production surfaces with dynamic decoy environments to surface real adversary TTPs in controlled space before production is compromised. Breadcrumbs draw the adversary onto the deception surface; the adaptive environment characterizes them, generating the labeled interaction data that feeds AIBA fingerprinting. This pillar operates against perceived risk. 

Continuous Threat Detection and Incident Response closes the loop. It synthesizes observed adversary behavior, threat intelligence, and emerging vulnerability data into consumable detection logic compatible with your existing SIEM, MDR, XDR, and SecOps platforms or security “fabric” solutions, and it feeds the incident response and remediation workflows your team already operates. Detection and remediation strengthen each other on every cycle. This pillar operates against realized risk. 

A continuous learning loop ties it all together. Every hunt, every exposure, every detection, and every adversary interaction strengthens the next operational cycle, and the longer the service runs, the sharper the defense becomes. 

That’s the operating model: a service that engages the adversary across projected, perceived, and realized risk, alongside the MDR, SIEM, and XDR investments you’ve already made, not in place of them. 

Suggested Response 

Two things. 

One: reassess the assumption. Before your next steering committee, ask your detection and exposure management teams a precise question: if an autonomous adversary were operating against our environment right now, which of our controls would label it as such, and how early in the continuum would we see it? If the honest answer is “we’d catch some activity after the fact, but we wouldn’t see it during reconnaissance or active probing,” that’s a finding, and it’s the finding our data suggests you should expect. 

Two: come look at the data. Our cohort is approachable and open to discussion, and we can offer something most vendors cannot: a direct conversation about what we’re seeing in Cosmos, with the underlying corroboration, against the backdrop of your environment. Because Proactive Cyber Defense is designed to deploy alongside your existing tooling, there’s no architectural commitment required to start comparing notes.

The CISOs we talk to are not complacent. They are operating with the instrumentation the industry gave them, against an adversary the industry is still describing in the future tense. Our data says the future tense is wrong. The activity is here. The only open question is whether you can see it, and whether you can see it early enough in the continuum to matter. 

About the Authors

Dr. Jason Green is a Cybersecurity Solutions Architect at TekStream, where he has pioneered research into deception engineering in addition to managing leading-edge SOCs and training more than 100 analysts. He helps drive the deception engineering capabilities delivered through TekStream Proactive Cyber Defense. 

Bruce Johnson is Vice President, Solutions at TekStream, where the team builds and delivers TekStream Proactive Cyber Defense, an expert-operated, AI-augmented service that continuously hardens enterprise security operations across existing environments, powered by the Cosmos Cyber Defense intelligence platform. To see the Cosmos data or join the program, reach out!