CrowdStrike report warns of AI-driven threat surge

CrowdStrike’s 2026 report shows AI-driven attacks up 89%, breakout times down to 29 minutes, and rising zero-day and cloud exploitation by state actors.

Voice&Data Bureau

CrowdStrike has released its 2026 Global Threat Report, warning that artificial intelligence is accelerating adversary activity and broadening the enterprise attack surface. In 2025, the average eCrime breakout time fell to 29 minutes, with the fastest observed breakout occurring in 27 seconds. The report also finds that attackers are directly targeting AI systems, injecting malicious prompts into generative AI tools at more than 90 organisations and exploiting vulnerabilities in AI development platforms.

AI-enabled adversaries increased operations by 89% year on year, using AI to enhance reconnaissance, credential theft and evasion. Intrusions increasingly move through trusted identities, SaaS applications and cloud infrastructure, blending into legitimate activity and shrinking the time defenders have to respond. According to the report, AI is both accelerating attacks and becoming a primary target.

AI Expands the Enterprise Attack Surface

Drawing on intelligence tracking more than 280 named adversaries, the report highlights growing use of AI by both nation-state and eCrime actors. Russia-linked Fancy Bear deployed LLM-enabled malware known as LAMEHUG, while eCrime actor Punk Spider used AI-generated scripts to accelerate credential dumping and remove forensic traces. DPRK-linked Famous Chollima used AI-generated personas to scale insider operations.

China-linked activity rose by 38% in 2025, with the logistics sector experiencing an 85% increase in targeting. Sixty-seven per cent of exploited vulnerabilities attributed to China-linked actors enabled immediate system access, and 40% targeted internet-facing edge devices. DPRK-linked incidents increased by more than 130%, with Pressure Chollima responsible for a reported USD 1.46 billion cryptocurrency theft.

The report also notes that 42% of vulnerabilities were exploited before public disclosure, as attackers increasingly weaponised zero-day flaws. Cloud-focused intrusions rose by 37%, including a 266% increase in activity by state-linked actors targeting cloud environments for intelligence collection.

Adam Meyers, Head of Counter Adversary Operations at CrowdStrike, described the current environment as an AI arms race, stating that adversaries are compressing the time between initial access and lateral movement, requiring security teams to respond more rapidly than ever.