2 Sources
[1]
CrowdStrike: AI-driven cyberattacks surged 89% in just one year
CrowdStrike released its 2026 Global Threat Report on Monday, documenting an 89% year-over-year increase in AI-enabled adversary operations. The report, drawn from intelligence on more than 280 named threat actors, details how artificial intelligence accelerates attacks and creates new vulnerabilities. The average "breakout time" from initial breach to lateral movement fell to 29 minutes in 2025, a 65% increase in speed over 2024. One observed breakout took just 27 seconds, with data exfiltration starting within four minutes of initial access in a separate case. Malware-free detections accounted for 82% of activity, continuing a trend toward credential theft and identity-based intrusions. Adversaries are targeting AI systems directly. Attackers injected malicious prompts into generative AI tools at more than 90 organizations to steal credentials and cryptocurrency. They exploited vulnerabilities in AI development platforms to deploy ransomware and published rogue AI servers to intercept sensitive data. On the offensive side, Russia-linked group FANCY BEAR deployed LAMEHUG, an LLM-enabled malware using the Qwen2.5-Coder-32B-Instruct model to generate reconnaissance commands. PUNK SPIDER used AI-generated scripts to accelerate credential dumping and destroy forensic evidence. North Korea-linked FAMOUS CHOLLIMA leveraged AI-generated personas to scale insider threat operations. Nation-state activity escalated significantly. China-linked cyber operations rose 38% in 2025, with the logistics sector seeing an 85% increase in targeting. Sixty-seven percent of vulnerabilities exploited by China-nexus actors delivered immediate system access, while 40% targeted internet-facing edge devices. North Korea-linked incidents surged more than 130%, with FAMOUS CHOLLIMA's activity more than doubling. PRESSURE CHOLLIMA's $1.46 billion cryptocurrency theft was flagged as the largest single financial heist ever reported. 
Cloud-focused intrusions rose 37% overall, with a 266% increase from state-backed actors targeting cloud environments. Forty-two percent of vulnerabilities were exploited before public disclosure as attackers weaponized zero-day flaws. CrowdStrike President Michael Sentonas stated: "Prompts are going to be the new malware."
[2]
Dark Side Of AI - CrowdStrike Flags 89% Surge In AI-Driven Attacks - CrowdStrike Holdings (NASDAQ:CRWD)
CrowdStrike Holdings Inc. (NASDAQ:CRWD) released its 2026 Global Threat Report on Tuesday, painting an alarming picture of an adversary landscape supercharged by artificial intelligence. The report, built on intelligence from CrowdStrike's threat hunters and analysts tracking more than 280 named adversaries, reveals that AI is no longer just a defensive tool -- it has become the primary weapon of choice for cybercriminals and nation-state actors alike.

Breakout Times Hit Record Lows

The headline number is stark. The average eCrime breakout time -- the window between initial access and lateral movement -- collapsed to just 29 minutes in 2025, a 65% acceleration from 2024 levels. The fastest recorded intrusion occurred in a breathtaking 27 seconds. In one documented case, data exfiltration began within four minutes of initial access, leaving defenders almost no time to respond.

"This is an AI arms race," said Adam Meyers, head of counter-adversary operations at CrowdStrike. "Breakout time is the clearest signal of how intrusion has changed. Adversaries are moving from initial access to lateral movement in minutes. AI is compressing the time between intent and execution while turning enterprise AI systems into targets. Security teams must operate faster than the adversary to win."

Market Context: A Sector Under Pressure

The report arrives as CrowdStrike navigates a turbulent stretch. The stock is down roughly 22.76% year-to-date, and has been caught in a broader SaaS and cybersecurity selloff triggered in part by Anthropic's unveiling of Claude Code Security last week.

Price Action: CRWD is edging up 0.44% to $351.86 in Tuesday's premarket session after tumbling 9.85% in Monday's regular trading, according to Benzinga Pro data.

This content was partially produced with the help of AI tools and was reviewed and published by Benzinga editors.
CrowdStrike's 2026 Global Threat Report documents an 89% year-over-year increase in AI-enabled adversary operations, with average breakout time plummeting to just 29 minutes. Nation-state actors from Russia, China, and North Korea are deploying LLM-enabled malware and targeting enterprise AI systems directly, marking a fundamental shift in the cyber threat landscape.
CrowdStrike released its 2026 Global Threat Report this week, revealing a stark reality: AI-driven cyberattacks have surged 89% in just one year [1]. The report, built on intelligence tracking more than 280 named threat actors, demonstrates how artificial intelligence has fundamentally transformed the adversary landscape [2]. What was once a defensive technology has become the primary weapon for cybercriminals and nation-state actors alike, compressing attack timelines and creating vulnerabilities that security teams struggle to counter.
The most alarming metric from the Global Threat Report centers on reduced breakout times—the critical window between initial breach and lateral movement across a network. The average eCrime breakout time collapsed to just 29 minutes in 2025, representing a 65% acceleration from 2024 levels [1]. The fastest recorded intrusion occurred in a breathtaking 27 seconds, while data exfiltration began within four minutes of initial access in a separate documented case [2]. Adam Meyers, head of counter-adversary operations at CrowdStrike, characterized the shift bluntly: "This is an AI arms race. Breakout time is the clearest signal of how intrusion has changed. Adversaries are moving from initial access to lateral movement in minutes". Malware-free detections accounted for 82% of activity, continuing a trend toward credential theft and identity-based intrusions that leave minimal forensic traces [1].

Threat actors are not only using AI for offensive operations but actively targeting enterprise AI systems themselves. Attackers injected malicious prompts into generative AI tools at more than 90 organizations to steal credentials and cryptocurrency [1]. They exploited vulnerabilities in AI development platforms to deploy ransomware and published rogue AI servers designed to intercept sensitive data. CrowdStrike President Michael Sentonas captured the emerging threat landscape with a stark warning: "Prompts are going to be the new malware" [1]. Russia-linked group FANCY BEAR deployed LAMEHUG, an LLM-enabled malware using the Qwen2.5-Coder-32B-Instruct model to generate reconnaissance commands autonomously [1]. PUNK SPIDER used AI-generated scripts to accelerate credential dumping and destroy forensic evidence, while North Korea-linked FAMOUS CHOLLIMA leveraged AI-generated personas to scale insider threats across multiple organizations [1].
Nation-state actors from Russia, China, and North Korea have dramatically escalated their cyber operations. China-linked cyber operations rose 38% in 2025, with the logistics sector experiencing an 85% increase in targeting [1]. Sixty-seven percent of vulnerabilities exploited by China-nexus actors delivered immediate system access, while 40% targeted internet-facing edge devices. North Korea-linked incidents surged more than 130%, with FAMOUS CHOLLIMA's activity more than doubling and PRESSURE CHOLLIMA executing a $1.46 billion cryptocurrency theft—flagged as the largest single financial heist ever reported [1]. Cloud-focused intrusions rose 37% overall, with a staggering 266% increase from state-backed actors targeting cloud environments [1]. Forty-two percent of vulnerabilities were exploited before public disclosure as attackers weaponized zero-day vulnerabilities with unprecedented speed. Security teams now face an environment where AI compresses the time between intent and execution, demanding response capabilities that operate faster than AI-enabled adversaries to maintain defensive advantage.

Summarized by Navi