The CrowdStrike 2026 Global Threat Report identifies 2025 as a pivotal year for the "evasive adversary," where speed and subtlety became the primary tactics. Breakout times for eCrime have dropped to an average of 29 minutes, while 82% of observed attacks were malware-free, relying instead on valid credentials and trusted identity flows. Adversaries are moving away from heavily monitored endpoints to exploit blind spots in SaaS, cloud environments, and supply chains.
The integration of AI has significantly altered the threat landscape, with AI-enabled attacks increasing by 89%. Adversaries are not only using AI to optimize existing techniques like social engineering but are also targeting the AI systems themselves through malicious prompt injection and exploitation of AI development platforms. Additionally, there has been a sharp rise in the exploitation of zero-day vulnerabilities, particularly those affecting edge devices, and a marked increase in activity from China- and North Korea-nexus actors.