CrowdStrike Report Reveals Alarming Surge in AI-Driven Cyber Threats CrowdStrike’s latest Global Threat Report highlights a dramatic acceleration in cyber intrusions, with attackers leveraging AI to shrink the window between initial access and lateral movement. In 2025, the average "breakout time" for eCrime actors dropped to just 29 minutes a 65% improvement from the previous year. The fastest observed intrusion saw data exfiltration begin within four minutes, while one attack achieved lateral movement in 27 seconds. AI has become a cornerstone of modern cyber operations, with adversaries increasing AI-enabled attacks by 89% year-on-year. Underground forums show a 550% surge in discussions about ChatGPT, as threat actors experiment with mainstream AI tools to bypass safeguards. Beyond tooling, attackers are directly targeting AI systems: malicious prompts were injected into generative AI platforms at over 90 organizations, enabling credential and cryptocurrency theft. Vulnerabilities in AI development platforms have also been exploited to deploy ransomware and establish persistence, while rogue AI servers impersonate trusted services to intercept sensitive data. The report ties faster breakout times to attackers abusing trusted identities, SaaS applications, and cloud infrastructure, which blend into legitimate activity and reduce defenders’ response windows. Cloud-conscious intrusions rose 37%, driven largely by state-linked actors, with intelligence-gathering operations in cloud environments surging 266%. Pre-disclosure exploitation remains a critical threat, with 42% of vulnerabilities weaponized before public disclosure often via zero-days for initial access, remote code execution, or privilege escalation. CrowdStrike identified 24 new adversary groups in 2025, bringing the total tracked to 281, spanning nation-state and eCrime actors. Social engineering tactics have also evolved, with a 563% increase in fake CAPTCHA lures and a 141% rise in spam emails. State-linked activity saw significant growth, particularly from China and North Korea. China-nexus operations increased 38%, with the logistics sector facing an 85% spike in targeting. 67% of vulnerabilities exploited by these actors provided immediate system access, and 40% targeted internet-facing edge devices. North Korea-linked incidents surged 130%, with the group FAMOUS CHOLLIMA more than doubling its activity. DPRK actors used AI-generated personas to scale insider operations, while PRESSURE CHOLLIMA was linked to a $1.46 billion cryptocurrency theft the largest single financial heist on record. Other notable threats include Russia-nexus FANCY BEAR, which deployed LLM-enabled malware (LAMEHUG) for automated reconnaissance, and the eCrime actor PUNK SPIDER, which used AI-generated scripts to accelerate credential theft and erase forensic evidence. CrowdStrike warns that the AI arms race is compressing attack timelines, turning enterprise AI systems into both tools and targets for adversaries. The report is based on intelligence from 280+ tracked adversaries, forecasting continued acceleration in AI-driven intrusions and direct exploitation of AI platforms.