Securing the Age of Agentic AI: Why Starseer Partnered with SCYTHE

By Tim Schulz, CEO and Co-Founder, Starseer

Would you know if an adversary was using your AI infrastructure against you?

Over the past two years, enterprises have been racing to deploy AI. Agents, local model runtimes, experimental workloads, fine-tuning pipelines. The pressure to capture efficiency gains and competitive advantage has made rapid AI rollout table stakes for most organizations. In that haste to experiment and iterate, something else has been accumulating: AI infrastructure debt. Models downloaded from public repositories. Inference engines running on servers and endpoints. Agent frameworks executing chained prompts and tool calls. Experimental systems that never passed through security review.

Much of this lives outside traditional security visibility. And increasingly, adversaries are learning how to exploit it.

The recently disclosed "LameHug" malware family demonstrated how large language models can be weaponized to drive automation, decision-making, and adaptive intrusion behavior. Claude and Claude Code have been used to orchestrate real-world cyber attacks against businesses. OpenAI's Codex has reached the "Cybersecurity High" level on OpenAI's own preparedness framework. Researchers are already exploring C2-less malware driven by non-frontier AI models.

The attack surface is expanding faster than most security programs can adapt.

From Policy Violation to Operational Threat

Most organizations still think about Shadow AI as a compliance problem. Employees using ChatGPT when they shouldn't. Data leaking into third-party models. Policy-level mitigations to discourage well-intentioned people from using unapproved tools.

That framing misses the bigger risk.

Shadow AI isn't just about unapproved tools employees use. It's accumulated infrastructure (models, runtimes, agent frameworks) that can be co-opted by adversaries who gain access to your environment. Post-breach, an attacker doesn't need to introduce new malware. They can simply use the AI infrastructure you've already deployed. In cybersecurity, we tend to refer to this as "living off the land".

The closer parallel here is not data loss prevention but insider threat detection and threat hunting.

Security teams understand how to detect when a legitimate user account starts behaving like a threat actor. They understand how to hunt for adversaries who have established persistence and are moving laterally through an environment. The challenge with AI infrastructure is that the same capabilities that make it useful (autonomy, tool use, adaptive decision-making) make it dangerous when turned against you.

The question shifts from "are our employees using AI responsibly?" to something more serious: can we detect when AI becomes an autonomous threat orchestrator operating inside our own network?

The Detection Gap

For decades, security teams have built mature practices around testing and defending endpoints, networks, identities, and cloud infrastructure. Red teaming, purple teaming, Continuous Threat Exposure Management (CTEM). These programs help organizations proactively validate controls and reduce real-world risk.

But most organizations have no equivalent capability for AI.

Most security teams currently lack the visibility to accurately assess this risk and its business impact:

  • Which AI models are actually running in our environment right now?
  • Can we detect a tampered or malicious model variant?
  • Can we see when an AI system is being used as part of an attack chain?
  • Can we prove to regulators and executives that our controls actually work against adversarial AI?

Traditional security tooling wasn't designed for this. You can't detect what you can't see. And you can't validate what you can't test.

Detection Engineering for AI

At Starseer, we've been building the capability to close this gap.

Our focus is AI Runtime Assurance and Detection Engineering, giving defenders deep visibility into AI models, how they behave, and how they can be abused. Think of it as the kind of inspection and analysis capability that EDR brought to endpoints, but purpose-built for AI infrastructure.

We help security teams understand how different model versions have changed over time. We surface behavioral anomalies that indicate tampering or misuse. We provide the forensic depth required to analyze model provenance and adversarial manipulation.

But visibility alone isn't enough. Knowing what AI is running in your environment is necessary, but it doesn't tell you whether your defenses actually work when an adversary tries to exploit it.

Why SCYTHE

Security programs learned a long time ago that you can't just deploy controls and assume they work. You have to test them. You have to emulate realistic adversary behavior and validate that your detections trigger, your response processes engage, and your team knows what to do.

This is the foundation of red teaming, purple teaming, and Continuous Threat Exposure Management. It's also exactly what's been missing for AI security.

To secure AI as an attack surface, organizations need to be able to safely emulate AI-driven attack paths, build detections that identify misuse of AI assets, validate whether those controls actually fire under realistic conditions, and produce defensible evidence for audits, regulators, and boards.

This is why we partnered with SCYTHE.

SCYTHE has built the standard for adversary emulation and exposure validation. They understand how to extend CTEM into new domains. They've helped organizations move from hoping their controls work to proving it through continuous, realistic testing.

Together, we're combining SCYTHE's ability to emulate advanced adversary tradecraft with Starseer's depth of visibility into AI models and their behavior. SCYTHE brings the attack simulation. We bring the AI inspection and assurance. The result is the ability to triage AI assets across the enterprise, safely emulate AI-native attack workflows, validate whether detections trigger as expected, and produce evidence that stands up to scrutiny.

Shadow AI Readiness Assessments

Our first joint offering is a Shadow AI Readiness Assessment, designed to help organizations understand whether they're prepared for AI-native attacks.

The assessment validates organizational readiness across three areas:

Detection. Can you identify unauthorized, tampered, or malicious AI models already present in your environment? Does your Shadow AI discovery solution work on endpoints and servers in addition to cloud infrastructure? Many enterprises have AI runtimes deployed on endpoints and servers that security teams don't know about. The first step is knowing what's there.

Response. Can you detect and respond when adversaries co-opt AI infrastructure for agentic operations? This goes beyond asset inventory to active detection, identifying when AI systems are being used as part of an attack chain and triggering appropriate response.

Forensics. Can you analyze model provenance, tampering, and adversarial use with defensible forensic depth? When an incident occurs, you need to understand what happened, how the AI was manipulated, and whether you can trust the models still running in your environment.

This extends Continuous Threat Exposure Management into the AI domain. It brings AI assurance directly into existing red, blue, and purple team workflows. And it produces the kind of evidence that regulators, auditors, and boards are going to start demanding as AI becomes embedded in critical business operations.

The Question Every Security Leader Should Be Asking

The conversation about AI security has been dominated by guardrails and content filtering, preventing models from saying things they shouldn't. That matters, but it's not the whole picture.

The harder question isn't whether you're using AI safely. It's whether you'd know if AI was being used against you.

AI infrastructure is already inside your enterprise. Some of it you deployed intentionally. Some of it showed up without formal approval. Some of it you've forgotten about entirely. Adversaries are learning that this infrastructure represents a new class of foothold, one that doesn't require introducing new malware, one that leverages the autonomy and capability you built for legitimate purposes.

The organizations that get ahead of this will be the ones that treat AI as an attack surface, not just a tool. The ones that extend their threat exposure management programs to include AI models, agents, and runtimes. The ones that don't just hope their defenses work, but validate them against realistic AI-native attack paths.

That's what we're building with SCYTHE. And that's why this partnership matters.
