The CrowdStrike 2026 Global Threat Report highlights a significant evolution in adversary tactics, characterized by extreme speed and stealth. In 2025, the average breakout time plummeted to just 29 minutes, with threat actors increasingly pivoting away from traditional malware in favor of "malware-free" techniques. These attackers leverage valid credentials, trusted identity flows, and cloud integrations to move laterally across environments while remaining undetected by traditional security controls.
Artificial intelligence has become a double-edged sword in the threat landscape, with an 89% increase in attacks by AI-enabled adversaries. Beyond using AI to optimize social engineering, threat actors are actively targeting AI systems themselves, injecting malicious prompts and exploiting vulnerabilities in development pipelines. This shift signals a new era where the AI infrastructure of an enterprise is as much a target as its endpoints or cloud storage.
State-nexus actors, particularly from China and North Korea, demonstrated increased sophistication through supply chain compromises and edge device exploitation. China-nexus actors focused heavily on VPN appliances and firewalls for long-term intelligence collection, while North Korea-nexus groups achieved record-breaking financial thefts via trojanized software. With 24 new adversaries added to the landscape, organizations must transition toward identity-centric and cloud-conscious defense strategies.