{"id":5863,"date":"2026-07-18T19:02:16","date_gmt":"2026-07-18T23:02:16","guid":{"rendered":"https:\/\/workai.tv\/news\/2026\/07\/ai-agents\/ai-agents-could-make-living-off-the-land-attacks-much-more-dangerous-says-crowdstrike-field-cto\/"},"modified":"2026-07-18T19:02:16","modified_gmt":"2026-07-18T23:02:16","slug":"ai-agents-could-make-living-off-the-land-attacks-much-more-dangerous-says-crowdstrike-field-cto","status":"publish","type":"post","link":"https:\/\/workai.tv\/news\/2026\/07\/ai-agents\/ai-agents-could-make-living-off-the-land-attacks-much-more-dangerous-says-crowdstrike-field-cto\/","title":{"rendered":"AI agents could make living off the land attacks \u2018much more dangerous\u2019, says CrowdStrike Field CTO"},"content":{"rendered":"<h2>Share with your CISO<\/h2>\n<p>CrowdStrike&#8217;s Field CTO for Europe, Zeki Turedi, argues that AI agents dramatically expand the blast radius of living off the land attacks, where attackers use a company&#8217;s own legitimate tools against it rather than importing malware. Where compromising PowerShell gave an attacker a limited foothold, a compromised agent carries full user-level privileges and can theoretically touch every system in the enterprise. CrowdStrike&#8217;s 2026 Global Threat Report confirms this isn&#8217;t hypothetical: threat actors have already abused <a href=\"https:\/\/www.itpro.com\/technology\/artificial-intelligence\/compromised-ai-agents-could-make-living-off-the-land-attacks-much-more-dangerous-says-crowdstrike-field-cto\" target=\"_blank\" rel=\"noopener nofollow\">enterprise AI chatbots and assistants<\/a> to generate malicious commands and steal credentials at dozens of organizations globally.<\/p>\n<h2>What this means for your business<\/h2>\n<p>The severity of this threat scales directly with how much autonomy you have already granted your agents. Organizations that gave agents broad access to accelerate deployment, which was most of them, have quietly handed attackers a master key. The identity governance question is the sharp edge here: a Cloud Security Alliance survey found 68% of security teams cannot reliably distinguish agent activity from human activity on their networks, which means existing detection logic is partially blind by design.<\/p>\n<p>The compounding problem is that most enterprise identity infrastructure was built to manage humans, and it struggles even at that. Layering non-human agent identities, and then chains of sub-agents spawning further sub-agents, onto already strained IAM (identity and access management, the system that controls who or what can access which resources) frameworks doesn&#8217;t just add complexity linearly. It multiplies the number of unmonitored identities attackers can impersonate or hijack. Turedi&#8217;s framing of &#8220;living off the AI land&#8221; is precise: the attack surface isn&#8217;t a new vulnerability, it&#8217;s the productive surface area enterprises intentionally created and then failed to instrument.<\/p>\n<p>CrowdStrike has an obvious interest in positioning agentic AI as a category-defining threat, since that argument sells more platform coverage, but the underlying dynamic holds regardless of who&#8217;s making it. The same adversarial pattern played out with cloud and then SaaS adoption: attackers followed enterprise investment and built capability against the new target. There is no reason to expect agents to break that pattern. The CISO who waits for a clean agent-specific security framework before acting is making a bet that attackers will wait too, and that bet has been wrong at every prior technology inflection point.<\/p>\n<h2>Concept deep-dive: Living off the land attacks<\/h2>\n<p>A living off the land attack means an intruder does their damage using tools that are already installed and trusted inside your environment, think PowerShell, remote management software, or now AI agents, rather than smuggling in custom malware. Because the attacker&#8217;s traffic looks like normal operations, signature-based detection misses it entirely. The Salt Typhoon group sat inside US National Guard networks for nearly a year this way. The business risk is that your approved tooling becomes the weapon, and your monitoring tells you everything is fine.<\/p>\n<p><em>Based on reporting from <a href=\"https:\/\/www.itpro.com\/technology\/artificial-intelligence\/compromised-ai-agents-could-make-living-off-the-land-attacks-much-more-dangerous-says-crowdstrike-field-cto\" target=\"_blank\" rel=\"noopener nofollow\">AI agents could make living off the land attacks \u2018much more dangerous\u2019, says CrowdStrike Field CTO<\/a>, originally published 2026-07-17 04:13:00.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Share with your CISO CrowdStrike&#8217;s Field CTO for Europe, Zeki Turedi, argues that AI agents dramatically expand the blast radius of living off the land attacks, where attackers use a company&#8217;s own legitimate tools against it rather than importing malware. Where compromising PowerShell gave an attacker a limited foothold, a compromised agent carries full user-level [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":5864,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[142],"tags":[238],"tmauthors":[],"class_list":["post-5863","post","type-post","status-publish","format-standard","has-post-thumbnail","category-ai-agents","tag-ciso"],"_links":{"self":[{"href":"https:\/\/workai.tv\/news\/wp-json\/wp\/v2\/posts\/5863","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/workai.tv\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/workai.tv\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/workai.tv\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/workai.tv\/news\/wp-json\/wp\/v2\/comments?post=5863"}],"version-history":[{"count":0,"href":"https:\/\/workai.tv\/news\/wp-json\/wp\/v2\/posts\/5863\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/workai.tv\/news\/wp-json\/wp\/v2\/media\/5864"}],"wp:attachment":[{"href":"https:\/\/workai.tv\/news\/wp-json\/wp\/v2\/media?parent=5863"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/workai.tv\/news\/wp-json\/wp\/v2\/categories?post=5863"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/workai.tv\/news\/wp-json\/wp\/v2\/tags?post=5863"},{"taxonomy":"tmauthors","embeddable":true,"href":"https:\/\/workai.tv\/news\/wp-json\/wp\/v2\/tmauthors?post=5863"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}