- Average breakout time now only 29 minutes, fastest observed 27 seconds
- GenAI accelerates penetration, enabling rapid credential theft, evasion and data exfiltration
- Adversaries are also targeting AI systems with malicious prompts, exploiting zero-days and expanding cloud attacks
Hackers have never moved as quickly through corporate networks as they do today, new research has claimed, urging companies to up their game when it comes to online protection.
The latest CrowdStrike 2026 Global Threat Report found that the average breakout time is now just 29 minutes, a 65% increase in speed compared to just a year ago. Hackers are able to do this by using Generative Artificial Intelligence (GenAI), CrowdStrike said.
Based on internal analysis, the researchers found that the fastest breakout ever observed occurred in just 27 seconds. In one intrusion, data exfiltration began four minutes after initial access.
AI arms race
“AI-enabled adversaries increased their operations by 89% year over year, weaponizing AI across reconnaissance, credential theft and evasion,” CrowdStrike said.
“Intrusions now move through trusted identities, SaaS applications and cloud infrastructure, blending into normal activity while compressing defenders’ time to respond. AI is both the accelerator and the target.”
Speaking of AIs themselves being a target, CrowdStrike found that bad guys are injecting malicious prompts into GenAI tools at more than 90 organizations, while also abusing AI developer platforms.
The prompts generate commands that steal login credentials and send cryptocurrencies, while AI developer platforms are used to establish persistence and deploy ransomware.
Finally, the attackers were said to have released malicious AI servers that impersonate trusted services and intercept sensitive data.
It was also emphasized that AI now plays a central role in zero-day and cloud exploitation. Almost half (42%) of vulnerabilities were exploited before they were made public, while cloud-based intrusions increased by more than a third (37%).
State-sponsored threat actors are particularly active in that regard: Russia-linked Fancy Bear, Punk Spider, and North Korea's Famous Chollima and Pressure Chollima are among those singled out.
Activity among Chinese and North Korean hackers increased by 38% last year, CrowdStrike added, saying they primarily targeted the logistics vertical.
“This is an artificial intelligence arms race,” said Adam Meyers, head of counterintelligence operations at CrowdStrike. “Breakout time is the clearest signal of how intrusions have changed. Adversaries move from initial access to lateral movement in minutes. AI compresses the time between intent and execution as enterprise AI systems transform into targets. Security teams must work faster than the adversary to win.”



