CrowdStrike released its 2026 Global Threat Report on Monday, documenting an 89% year-over-year increase in AI-enabled adversary operations. The report states that AI is now driving faster and stealthier attacks while simultaneously becoming a target itself. Intelligence drawn from over 280 named threat actors reveals that the average “breakout time”—the period from initial breach to lateral movement across a network—fell to 29 minutes in 2025.

This represents a 65% increase in speed compared to 2024. The fastest observed breakout took just 27 seconds, and in one specific instance, data exfiltration began within four minutes of initial access. Additionally, 82% of detections were malware-free, continuing a trend toward credential theft and identity-based intrusions.

Adversaries are targeting AI systems directly. Malicious prompts were injected into generative AI tools at more than 90 organizations to steal credentials and cryptocurrency. Attackers exploited vulnerabilities in AI development platforms to deploy ransomware and published rogue AI servers to intercept sensitive data. Adversaries are also using AI as an attack tool: Russia-linked group FANCY BEAR deployed LAMEHUG, an LLM-enabled malware identified by Ukraine’s CERT-UA in July 2025. LAMEHUG uses the Qwen2.5-Coder-32B-Instruct model to dynamically generate reconnaissance commands.

Cybercriminal group PUNK SPIDER utilized AI-generated scripts to accelerate credential dumping and destroy forensic evidence. North Korea-linked FAMOUS CHOLLIMA leveraged AI-generated personas to scale insider threat operations.

Nation-state activity escalated significantly. China-linked cyber operations rose 38% in 2025, with the logistics sector seeing an 85% increase in targeting. Sixty-seven percent of vulnerabilities exploited by China-nexus actors delivered immediate system access, while 40% targeted internet-facing edge devices.

North Korea-linked incidents surged more than 130%, with FAMOUS CHOLLIMA’s activity more than doubling. PRESSURE CHOLLIMA’s $1.46 billion cryptocurrency theft was flagged as the largest single financial heist ever reported.

Cloud-focused intrusions rose 37% overall, including a 266% increase from state-backed actors targeting cloud environments. Forty-two percent of vulnerabilities were exploited before public disclosure as attackers weaponized zero-day flaws. CrowdStrike President Michael Sentonas stated, “Prompts are going to be the new malware.”