
When 27 Seconds Is Enough: Inside the AI-Driven Threat Surge

AI-enabled attacks surge 89% as adversaries exploit generative tools, cloud infrastructure, and zero-day flaws.


Artificial intelligence assisting cybercriminals is just half the story; the tech is also accelerating them. That is the key takeaway from CrowdStrike’s latest 2026 Global Threat Report, which finds that AI-enabled adversaries increased their operations by 89 percent year over year, compressing the time between initial access and full system compromise to unprecedented speeds.

The report describes what it calls an “AI arms race,” in which generative tools and development platforms have become both instruments and targets of attack. The average eCrime breakout time—the interval between initial compromise and lateral movement—fell to 29 minutes in 2025, a 65 percent acceleration from the previous year. The fastest observed breakout occurred in just 27 seconds. In at least one case, data exfiltration began within four minutes of entry.

Such compression fundamentally alters defensive strategy. Historically, security teams relied on dwell time (often measured in days) to detect anomalous behavior. Now, defenders have minutes.
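As an added illustration (not code from the report or this article), the following Python computes breakout time exactly as the report defines it from a constructed intrusion timeline, and checks whether a defender's detect-plus-contain budget fits inside that window. Event kinds, host names, the sample timestamps and the budget are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional, Sequence

@dataclass(frozen=True)
class Event:
    intrusion: str   # case identifier (constructed label)
    host: str        # host on which the activity was observed
    ts: datetime     # event timestamp
    kind: str        # "initial_access" | "lateral_movement" | "exfiltration"

def _first(events: Sequence[Event], intrusion: str, kind: str,
           exclude_host: Optional[str] = None) -> Optional[Event]:
    """Earliest event of `kind` in `intrusion`, optionally ignoring activity on `exclude_host`."""
    hits = [e for e in events if e.intrusion == intrusion and e.kind == kind
            and (exclude_host is None or e.host != exclude_host)]
    return min(hits, key=lambda e: e.ts) if hits else None

def breakout_time(events: Sequence[Event], intrusion: str) -> Optional[timedelta]:
    """Initial compromise to first lateral movement onto another host; None if not observed."""
    entry = _first(events, intrusion, "initial_access")
    if entry is None:
        return None
    hop = _first(events, intrusion, "lateral_movement", exclude_host=entry.host)
    return None if hop is None else hop.ts - entry.ts

def time_to_exfil(events: Sequence[Event], intrusion: str) -> Optional[timedelta]:
    """Initial compromise to the first observed exfiltration, or None."""
    entry = _first(events, intrusion, "initial_access")
    exfil = _first(events, intrusion, "exfiltration")
    return None if entry is None or exfil is None else exfil.ts - entry.ts

def defenders_win(events: Sequence[Event], intrusion: str, budget_seconds: float) -> Optional[bool]:
    """True when detect-plus-contain (e.g. MTTD + MTTR) fits inside the breakout window."""
    b = breakout_time(events, intrusion)
    return None if b is None else budget_seconds < b.total_seconds()

# Constructed sample timeline (illustrative, not telemetry from the report).
T0 = datetime(2025, 6, 1, 12, 0, 0)
SAMPLE = [
    Event("case-a", "ws-01", T0, "initial_access"),
    Event("case-a", "ws-01", T0 + timedelta(seconds=20), "lateral_movement"),  # same host: not a hop
    Event("case-a", "dc-01", T0 + timedelta(seconds=27), "lateral_movement"),  # 27 s breakout
    Event("case-b", "ws-07", T0, "initial_access"),
    Event("case-b", "ws-07", T0 + timedelta(minutes=4), "exfiltration"),       # exfil before breakout
    Event("case-b", "fs-02", T0 + timedelta(minutes=29), "lateral_movement"),  # 29 min breakout
]
if __name__ == "__main__":
    for case in ("case-a", "case-b"):  # assumed budget: 5 min to detect + 15 min to contain
        print(case, breakout_time(SAMPLE, case), time_to_exfil(SAMPLE, case), defenders_win(SAMPLE, case, 20 * 60))
```

With a 20-minute budget the 27-second case is lost before any analyst can act, which is the report's point: only automated, telemetry-driven containment operates on that timescale.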

The attack surface itself is shifting. According to CrowdStrike, adversaries exploited legitimate generative AI systems at more than 90 organizations by injecting malicious prompts that produced credential-harvesting scripts and cryptocurrency theft commands. In parallel, attackers targeted AI development platforms, exploiting vulnerabilities to establish persistence, deploy ransomware, and impersonate trusted AI services in order to intercept sensitive data.

“Prompts are the new malware,” the report suggests, and the phrase marks a conceptual change. Instead of introducing foreign code, attackers increasingly manipulate legitimate AI workflows, blending into normal operations and evading signature-based detection.

Nation-state actors are also integrating AI into their operational playbooks. A Russia-linked group, FANCY BEAR, reportedly deployed LLM-enabled malware known as LAMEHUG to automate reconnaissance and document collection. The eCrime group PUNK SPIDER used AI-generated scripts to accelerate credential dumping while erasing forensic traces. Meanwhile, DPRK-linked FAMOUS CHOLLIMA scaled insider operations using AI-generated personas—blurring the line between technical exploitation and social engineering.

Geopolitically aligned activity is intensifying, too. China-nexus operations rose 38 percent in 2025, with logistics organizations experiencing an 85 percent increase in targeting. Sixty-seven percent of vulnerabilities exploited by China-linked actors yielded immediate system access, and 40 percent targeted internet-facing edge devices. DPRK-linked incidents surged more than 130 percent. One operation attributed to PRESSURE CHOLLIMA resulted in a $1.46 billion cryptocurrency theft—the largest single financial heist on record.

Cloud environments are emerging as a focal point. Cloud-conscious intrusions rose 37 percent overall, with a 266 percent increase in state-sponsored activity targeting cloud infrastructure for intelligence collection. Meanwhile, 42 percent of vulnerabilities were exploited before public disclosure, signaling aggressive weaponization of zero-day flaws for remote code execution and privilege escalation.

What distinguishes this moment is not simply the presence of AI in the threat landscape, but its dual role as both accelerant and objective. Enterprise AI systems—once adopted to streamline productivity—are now high-value targets. As generative tools become embedded in core workflows, they create new vectors for manipulation that bypass traditional perimeter defenses.

Adam Meyers, CrowdStrike’s head of counter adversary operations, characterizes the situation as an inflection point. “AI is compressing the time between intent and execution,” he said. In such an environment, the advantage shifts toward automation, real-time telemetry, and identity-centric security models.
