In 2025, cybercriminals needed less time to move from break-in to lateral movement across a network than it takes to watch a typical sitcom.
An analysis by CrowdStrike of threat activity last year found attackers took just 29 minutes, on average, to pivot to other systems after gaining an initial foothold in a victim environment, marking a 65% acceleration from the year before.
The fastest “breakout,” as CrowdStrike termed it, happened in a mere 27 seconds, while in another instance an attacker began exfiltrating data four minutes after breaking in. “Speed is now the defining characteristic of intrusion, and it has fundamentally reshaped how adversaries evade detection,” CrowdStrike said in the 2026 edition of its “Global Threat Report.” For defenders, it means the time available to detect and respond to an intrusion has collapsed to a fraction of what it was just a few years ago and is shrinking even more.
The statistic around the breakout time was the “most alarming” finding from the report, says Adam Meyers, senior vice president of counter adversary operations at CrowdStrike. “Just a few years ago the average breakout time was 62 minutes. As we see the impact that AI has had during the course of the past year, I think it has created a situation where we are seeing more opportunity for this to get even faster,” he says. “Defenders are the ones left really holding the bag.”
Why Attackers Are Moving So Fast
Several converging factors appear to have fueled the dramatic acceleration in attacker speed. Chief among them was the widespread abuse of legitimate credentials, which allowed attackers to blend into normal network traffic and bypass many traditional security controls. In 35% of the cloud-related incidents that CrowdStrike investigated, attackers used valid account credentials to move about freely in victim environments without generating any alerts.
Instead of trying to smash through enterprise defenses using malware and exploits, attackers often simply waltzed into target environments by impersonating trusted people, systems, Software-as-a-Service (SaaS) integrations, and software. Somewhat unsurprisingly, a startling 82% of CrowdStrike threat detections in 2025 were malware-free, meaning “intrusions moved through authorized pathways and trusted systems, blending into normal activity,” according to the vendor.
“Threat actors are leveraging identity more effectively,” not just for initial access but also to move across cloud, SaaS, on-premises, and virtual environments, says Meyers. In cloud environments especially, where attacks increased 37%, attackers frequently used single sign-on (SSO) credentials to gain initial access and then pivoted very quickly to virtual environments and network devices. “Adversaries are moving at incredible speed across the board,” Meyers says.
The Unmanaged Device Problem
Unmanaged devices on enterprise networks, most of which lacked typical endpoint detection and response (EDR) controls, were also a boon to attackers. Devices in this category included VPN and firewall appliances, employees’ personal devices, webcams, third-party apps, and virtual machines. These unmanaged devices were a particular favorite target for China-backed threat actors like Blockade Spider, Punk Spider, and Scattered Spider.
“China has been investing in the ability to target unmanaged devices,” and has become “extremely effective” at it, said Meyers. Much of this is the result of systematic efforts by the Chinese government and military to work with security researchers, academics, and the civil sector to find and collect vulnerabilities in network devices that organizations either can’t see or lack proper control over. In addition to finding new vulnerabilities, Chinese actors have also doggedly focused on shortening the time to exploit newly disclosed vulnerabilities, with the goal of driving that time down to two days, he says.
AI as Weapon and Attack Surface
Meanwhile, AI became both a weapon and a target for cybercriminals. A growing number of threat actors, including organized crime and nation-state actors, used AI to accelerate reconnaissance, generate phishing content, develop exploits, evade defenses, and troubleshoot existing attack tools and techniques in real time. CrowdStrike’s report identified entities like the Punk Spider ransomware group, North Korea’s Famous Chollima, and Russia’s Fancy Bear among those that make heavy use of AI in their tradecraft. Overall, attackers who leveraged AI most actively in 2025 increased the number of attacks they carried out by a stunning 89% over the prior year.
At least some of the AI use among adversaries appeared to be experimental in nature. Fancy Bear, for instance, released malware dubbed LameHug in mid-2025 that incorporated a large language model (LLM) for reconnaissance and information gathering. While novel, CrowdStrike found the malware to be functionally not very different from traditional attack tools, leading the vendor to believe that Fancy Bear was likely just tinkering with AI techniques rather than fully operationalizing them. “I think we are still in the early innings with AI,” Meyers notes.
But AI was not just part of the attacker toolchain. “It was also a part of the attack surface” for adversaries, Meyers says. Many threat actors targeted new vulnerabilities resulting from the increased integration of AI tools and platforms into enterprise operations, business workflows, and software development pipelines. CVE-2025-3248, a vulnerability in Langflow, a low-code platform for building and deploying AI-powered apps, was one particular favorite target. Attackers exploited it to steal credentials, establish persistence in compromised environments, and deploy ransomware and other malware.
Threat actors also experimented with LLM prompt injection attacks to try to undermine AI-enabled security workflows, and moved to take advantage of the quickly growing — and largely unvetted — use of model context protocol (MCP) servers in enterprise environments. In the first known instance of its kind, a threat actor last year published a spoofed version of a legitimate Postmark MCP server to harvest emails containing API keys, passwords, financial information, and other sensitive data from organizations that downloaded it from the npm registry.
In at least 90 organizations, CrowdStrike observed attackers injecting malicious prompts into legitimate generative AI platforms to steal credentials and cryptocurrency. In other instances, adversaries leveraged vulnerabilities in AI-enabled software development platforms to deploy malware, establish persistence, and intercept data by impersonating trusted services. The AI models that CrowdStrike observed threat actors discussing most commonly in underground forums included many of the same platforms that organizations are currently using, such as ChatGPT, Claude, Grok, and Gemini.
