Cyber threat hunting is about detecting remnants of attackers’ activities that have bypassed all passive network and data protection mechanisms, before the attackers meet their objectives (from the Exploitation to the Actions on Objectives stage of the Cyber Kill Chain model). Cyber defense and protection mechanisms are only good at thwarting the risk from script kiddies and stand-alone hackers, and are of little use against funded (i.e., state-sponsored) hacking teams. Once an organization is on the target list of an Advanced Persistent Threat (APT) actor, the actor will not give up until it has bypassed all layers of passive defense mechanisms. Upon gaining a foothold in the target network, attackers tend to use only normal administrative tools to install their tools on as many nodes in the target network as possible and to set up C2 connections to achieve their objectives. This makes finding attackers who have bypassed passive detection and prevention mechanisms significantly more difficult. Active AI agents can be used to support threat hunters and forensics investigators in finding remnants of residual adversaries in an enterprise in a timely manner.