Sophos researchers uncovered a threat actor utilizing AI-native development tools, specifically the Cursor IDE and Claude Opus, to build and iteratively test a post-exploitation framework designed to evade major EDR solutions. The framework automates the ingestion of public security research to generate and refine custom Rust and Go payloads, ultimately supporting ransomware and data theft operations.