Lingzhi Wang CS PhD Final Defense: Bridging Gaps in Operational Cyber Defense: Adaptive Intrusion Detection, Automated Red Teaming, and Realistic Evaluation
Advanced Persistent Threats (APTs) have emerged as one of the most consequential categories of cyberattacks, causing widespread damage to enterprise infrastructure, critical systems, and national security. In response, the research community has made substantial progress in APT detection and defense, especially through the development of provenance-based intrusion detection systems (PIDS). Despite these advances, significant gaps persist between academic research and operational practice. First, complex graph-learning-based detectors incur high computational overhead, excessive detection latency, and degraded performance under the bursty, irregular workloads common in production environments. Second, the absence of systematic, scalable methods for generating realistic APT attack scenarios limits the thoroughness with which defense systems can be stress-tested. Lastly, the field continues to be constrained by the scarcity of comprehensive, realistic, and up-to-date benchmark datasets for APT intrusion detection research. This dissertation addresses these three operational gaps through ML and AI, particularly generative AI. It defines, analyzes, and proposes solutions for: (1) efficiency challenges in provenance-based intrusion detection; (2) the absence of systematic, scalable methods for generating realistic, causality-preserving APT attack scenarios for rigorous red-team evaluation; and (3) the scarcity of comprehensive, realistic, and up-to-date benchmark datasets for APT intrusion detection.
Contact: Wynante R Charles, (847) 467-8174