CrowdStrike, the cybersecurity company, has published its 2026 Global Threat Report, warning that AI-enabled adversaries increased operations by 89% year-over-year and are moving from initial access to lateral movement across networks in under half an hour.
The report, drawn from intelligence tracking more than 280 named adversaries, found the average eCrime breakout time, the interval between initial access and wider network compromise, fell to 29 minutes, with the fastest observed intrusion completing in 27 seconds.
Adversaries injected malicious prompts into generative AI tools at more than 90 organisations to steal credentials and cryptocurrency, exploited vulnerabilities in AI development platforms to deploy ransomware, and published malicious AI servers to intercept sensitive data.
Named threat actors include FANCY BEAR, which deployed AI-enabled malware for automated reconnaissance, and FAMOUS CHOLLIMA, a North Korea-linked group that scaled insider operations using AI-generated personas.
PRESSURE CHOLLIMA, also linked to North Korea, carried out the largest single financial theft cited in the report, stealing $1.46 billion in cryptocurrency.
China-linked activity rose 38% overall, with targeting of logistics operations up 85% and state-nexus actors increasing cloud-based attacks by 266%.
The report also found that 42% of vulnerabilities were exploited before public disclosure, leaving organisations with no opportunity to patch before exposure.
Related reading
- CrowdStrike adds its security platform to Microsoft Marketplace for Azure customers
- NVIDIA recruits five cybersecurity firms to protect critical infrastructure using AI run on its own chips
- Google picks Pine Island, Minnesota for new data centre and clean energy investment
Adam Meyers, head of counter adversary operations at CrowdStrike, described the situation as an AI arms race, saying AI was compressing the time between intent and execution while simultaneously turning enterprise AI systems into targets.
CrowdStrike said the full findings are available in the 2026 Global Threat Report.
The recap
- CrowdStrike released its 2026 Global Threat Report today.
- AI-enabled adversary operations increased 89% year-over-year according to CrowdStrike.
- Download the 2026 Global Threat Report from CrowdStrike's website.
