The SFC circular distributed to Hong Kong's licensed firms this week named AI-driven attacks as an emergent risk category without specifying the mechanism by which those attacks would differ from existing threat patterns. The mechanism is already shipping. An AI-assembled ransomware kit documented by security researchers this week automates Active Directory enumeration via LDAP traversal, generates the full attack chain without operator expertise, then deploys a process-injection technique timed to blind the EDR agent before the payload executes. EDR bypass is not the payload. It is step two of four, completed in the automated pre-execution phase before any analyst alert fires.
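The sequence above gives a defender two signals that are cheap to check for: a burst of directory queries from a single client that looks like automated enumeration, and a process starting on a host whose EDR sensor has stopped reporting. The following is an added example, not code from the researchers' write-up or from any vendor product; it runs two such checks over a small constructed telemetry stream (LDAP search log, sensor heartbeats, process-start events), and the field names, hosts, addresses, thresholds and paths are all assumptions made for the demonstration.

```python
from collections import defaultdict, deque


def build_sample_events():
    """Constructed sample telemetry (not from any real environment): a directory
    server's LDAP search log, EDR sensor heartbeats and host process-start events,
    normalised to dicts keyed by an integer timestamp in seconds."""
    events = []
    # WS-17: sensor heartbeats every 30 s, then silence after t=150 (assumed cadence)
    events += [{"ts": t, "kind": "edr_heartbeat", "host": "WS-17"} for t in range(0, 151, 30)]
    # WS-02: sensor stays healthy for the whole window
    events += [{"ts": t, "kind": "edr_heartbeat", "host": "WS-02"} for t in range(0, 301, 30)]
    # Enumeration-style burst: 25 searches with rotating filters from one client in 25 s
    filters = ["(objectClass=user)", "(objectClass=group)", "(objectClass=computer)",
               "(objectClass=trustedDomain)", "(adminCount=1)"]
    events += [{"ts": 100 + i, "kind": "ldap_search", "client": "10.0.5.23",
                "filter": filters[i % len(filters)]} for i in range(25)]
    # Benign client: a few single-account lookups spread across the window
    events += [{"ts": t, "kind": "ldap_search", "client": "10.0.9.4",
                "filter": "(sAMAccountName=jdoe)"} for t in (40, 180, 290)]
    # Process starts: one on the now-silent host, one on the healthy host (paths are placeholders)
    events.append({"ts": 260, "kind": "process_start", "host": "WS-17",
                   "image": "C:\\ProgramData\\upd.exe"})
    events.append({"ts": 200, "kind": "process_start", "host": "WS-02",
                   "image": "C:\\Windows\\System32\\notepad.exe"})
    return sorted(events, key=lambda e: e["ts"])


def ldap_enumeration_bursts(events, window=60, threshold=20):
    """Flag any client that issues at least `threshold` LDAP searches inside a
    sliding `window` of seconds. One finding per client:
    (client, window_start_ts, search_count, distinct_filter_count)."""
    recent = defaultdict(deque)   # client -> deque of (ts, filter) inside the window
    flagged = set()
    findings = []
    for e in events:
        if e["kind"] != "ldap_search":
            continue
        q = recent[e["client"]]
        q.append((e["ts"], e["filter"]))
        while e["ts"] - q[0][0] > window:   # drop searches that fell out of the window
            q.popleft()
        if len(q) >= threshold and e["client"] not in flagged:
            flagged.add(e["client"])
            findings.append((e["client"], q[0][0], len(q), len({f for _, f in q})))
    return findings


def edr_silence_with_execution(events, heartbeat_interval=30, max_missed=3):
    """Flag process starts on hosts whose sensor has missed more than `max_missed`
    heartbeats (or never reported). Findings: (host, last_heartbeat_ts, start_ts, image)."""
    last_beat = {}
    findings = []
    for e in events:
        if e["kind"] == "edr_heartbeat":
            last_beat[e["host"]] = e["ts"]
        elif e["kind"] == "process_start":
            last = last_beat.get(e["host"])
            gap = None if last is None else e["ts"] - last
            if gap is None or gap > heartbeat_interval * max_missed:
                findings.append((e["host"], last, e["ts"], e["image"]))
    return findings


def triage(events):
    """Combine both checks into one report so the two signals can be reviewed together."""
    return {
        "ldap_enumeration": ldap_enumeration_bursts(events),
        "blind_sensor_execution": edr_silence_with_execution(events),
    }


if __name__ == "__main__":
    for name, hits in triage(build_sample_events()).items():
        print(name)
        for hit in hits:
            print("  ", hit)
```

Both checks are deliberately host- and client-keyed rather than signature-based: the enumeration check looks at breadth (distinct filters) and rate, and the sensor check treats a silent agent as a condition to correlate against other telemetry, not as a benign outage. Tune `window`, `threshold` and `max_missed` to the directory's normal query profile and the agent's real heartbeat cadence, and remember the first check only helps if the domain controller's LDAP search logging is actually enabled.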
HKMA's Technology Risk Management guideline (SPM TM-G-1) and MAS's 2021 Technology Risk Management Guidelines both list endpoint detection and response among the mandated controls for licensed financial institutions in their respective jurisdictions. The SFC circular warned of AI-driven attacks. The AI-assembled kit circulating this week lists disabling that mandated control as step two of four, before payload delivery. Neither framework was written for a tool class that treats the mandated defense as the primary attack surface. MAS's 2021 TRM Guidelines require notification within one hour of a confirmed severe incident; the AD-enumeration-to-EDR-bypass sequence in this kit reaches domain controller level in under ten minutes on a default domain configuration.