Compromised AI agents could make living off the land attacks ‘much more dangerous’, says CrowdStrike Field CTO
Living off the land attacks are evolving rapidly as threat actors target agents with deep access to enterprise networks and sensitive data.
Living off the land (LOTL) attacks are a worst-case scenario for enterprises globally, with hackers lurking in networks, extracting sensitive data, and biding their time before wreaking havoc.
These attacks rely on weaponizing the legitimate software and tools used by enterprises, and they're by no means a new trend.
Research from Bitdefender, for example, found 84% of major cyber attacks leverage these techniques, and security teams globally have developed an array of detection capabilities aimed at combatting the threat.
But the dangers posed by these methods could escalate with the arrival of AI agents, according to CrowdStrike Field CTO Zeki Turedi. Speaking to ITPro, Turedi said the deep access given to agents across enterprise IT estates represents a huge threat if even just one were to be compromised or manipulated.
“Organizations are giving them [agents] full access. They're giving them full capabilities. They will have the full privilege of the human user,” he told ITPro.
Turedi pointed to previous LOTL techniques that involved compromising tools like PowerShell. While this gave users access to valuable data, the risk with agents is drastically higher given how they operate, and, crucially, where they can go within networks.
“They also have further reach across an enterprise,” he said. There’s only so much PowerShell can touch or manipulate or modify, but an agent theoretically can touch every single part of that organization's technology ecosystem and architecture.”
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
“This is where it makes it so much more dangerous.”
Living off the land attacks are evolving
Findings from CrowdStrike’s 2026 Global Threat Report show these risks aren’t just theoretical, they’re now a reality, and the same logic with traditional LOTL attacks is being applied to agents.
Indeed, the cybersecurity firm has observed threat actors exploiting legitimate AI tools at dozens of organizations globally. In these cases, AI systems such as chatbots and assistant were abused to generate malicious commands and steal sensitive data.
The goal here is often focused on credential theft for initial access brokers, attacks later down the line, and even cryptocurrency theft. All typical hallmarks of financially motivated cyber criminals.
LOTL attacks have also become a go-to method for highly sophisticated, state-sponsored threat actors. As ITPro reported last year, the infamous Salt Typhoon threat group laid low in compromised US National Guard networks for nearly a year, accessing sensitive military and law enforcement data.
It’s here where risks are even higher as government departments and public sector organizations begin exploring the use of agents. A recent study from McKinsey, for example, found agentic AI is emerging as a key focus area for public sector organizations in the US.
Keeping up with hype cycles
Turedi told ITPro the focus on agents isn’t surprising given that threat actors will “follow the technology landscape that their victims are looking to invest in”.
“We've seen this time and time again. So previously, we saw as cloud got adopted, funnily enough, adversaries became very capable in cloud,” he noted.
“When organizations started to be more focused and store sensitive data in SaaS applications, SaaS tools, guess what? We saw adversaries go after the SaaS applications.”
Turedi added that the pace of change within the generative and agentic AI space, combined with rapid adoption efforts, could create additional challenges moving forward.
Enterprises across a range of industries are diving headlong into the hype cycle, and threat actors are keen to capitalize on the confusion and lack of risk awareness with the technology.
“This is just a brand new technology landscape that organisations are investing in,” he commented. “And of course, the adversary is very, very aware that for multiple reasons this is a great opportunity.”
“There’s a lot of confusion,” Turedi added. “There’s a lot of lack of knowledge and expertise in this space.”
An identity conundrum
According to Turedi, a key concern surrounding ‘living of the AI land’ attacks, as CrowdStrike dubs them, is that many organizations lack the visibility or governance capabilities to adequately monitor what’s going on with these bots.
This has become a recurring talking point since the advent of agents. Research from Ping Identity in March this year specifically highlighted IT architecture visibility as a key concern for enterprises rolling out agents.
The sheer volume of agents is jarring for security teams, the study noted, but things are exacerbated by sub-agents, essentially creating chains of untraceable bots – an ideal target for stealthy threat actors.
Identity is another area of concern, Turedi noted, albeit one within a broader range of overlapping considerations for security teams. He noted that efforts to improve processes on this front are falling flat.
Many organizations are working with infrastructure or tools that were struggling to manage human identities in the first place. Adding agents into the mix further compounds the problem.
“The problem we see is that a lot of organizations are only starting to think about things like identity security or IAM (identity and access management) hygiene,” he said. “These are typically infrastructures and architectures that were not designed for modern human identity usage, never mind for the AI identity usage.”
With living off the land attacks, the whole advantage for the attacker is that they’re blending into IT environments. They’re using your tools and software and thrive on the confusion. With agents, Turedi said this adds further complexity in terms of identifying what actions are legitimate and potentially nefarious.
“It's actually quite difficult to figure out if it's AI usage on an identity layer,” he said. “Can you truly say that that's a human accessing the network versus that's an AI agent accessing the network on behalf of a human?”
A recent survey from the Cloud Security Alliance (CSA) raised similar concerns with regard to agent identity. More than two-thirds (68%) of respondents said they couldn’t accurately identify agent activity compared to human activity.
Turedi said it’s crucial to have “data from multiple different domains” when it comes to monitoring agent activity, taking into account applications, endpoints, and broader network traffic and “marrying them together” for a clearer picture.
“You need to be looking at the identity layer, you need to be looking at the endpoint, you need to be looking at the application layer,” he said.
FOLLOW US ON SOCIAL MEDIA
Follow ITPro on Google News and add us as a preferred source to keep tabs on all our latest news, analysis, views, and reviews.
You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.
He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.
For news pitches, you can contact Ross at ross.kelly@futurenet.com, or on Twitter and LinkedIn.
-
Lenovo Think Tab X11 ReviewReviews The first-Android-based rugged tablet from Lenovo is perfect for remote enterprise workers
-
1Password teams up with Anthropic to give Claude access to your credentialsNews A new ‘zero-exposure’ security framework allows agents to use stored credentials in the 1Password vault
-
Databricks launches AI co-worker, Genie OneNews The AI program is designed to help business teams manage workflows and automate work-related tasks
-
HPE AI Factory adds features to improve your experience with agentsNews The HPE AI Factory will now offer the Nvidia Agent Toolkit software, such as Nvidia Nemotron open models and Nvidia NemoClaw
-
'Most enterprises are still unprepared to operationalize it': IT leaders are bullish on agents, but keeping falling at the final hurdle – here's whyNews Forrester points to challenges scaling agentic AI, saying companies start rolling out the tech before they're ready to scale
-
'One-size-fits-all' agent governance sets enterprises up to failNews Gartner recommends a graded approach for agents, depending on their level of autonomy
-
Google adds AI to the search boxNews Major changes for how Google's search functions with the integration of AI tools
-
Dell unveils Deskside Agentic AI at Dell Technologies World 2026News Deskside Agentic AI is the latest in the Dell AI Factory with Nvidia stable, with the company saying it further demonstrates its end-to-end enterprise AI capability
-
AI agents aren’t cutting it in customer serviceNews Three-quarters of companies have had to pause or halt deployments of AI agents in customer service