- Average escape time now only 29 minutes, with the fastest observed being 27 seconds
- GenAI accelerates intrusions, enabling rapid credential theft, evasion and exfiltration.
- Adversaries also target AI systems with malicious prompts, exploit zero-days, and scale attacks into the cloud.
Hackers have never advanced as quickly through corporate networks as they do today, a new study claims, urging businesses to up their game when it comes to online protection.
The latest CrowdStrike 2026 Global Threat Report reveals that the average escape time is now just 29 minutes, a 65% increase in speed from just a year ago. Hackers are doing this by using generative artificial intelligence (GenAI), CrowdStrike said.
Based on internal analysis, researchers found that the fastest escape ever observed occurred in just 27 seconds. During an intrusion, the data exfiltration process began four minutes after initial access.
AI arms race
“AI-enabled adversaries have increased their operations by 89% year-over-year, weaponizing AI through reconnaissance, credential theft, and evasion,” CrowdStrike said.
“Intrusions now flow through trusted identities, SaaS applications, and cloud infrastructure, blending into normal activity while reducing defender response time. AI is both the accelerator and the target.”
Speaking about AIs being a target themselves, CrowdStrike discovered that scammers were injecting malicious prompts into GenAI tools at over 90 organizations, while at the same time abusing AI development platforms.
Prompts generate commands that steal login credentials and send cryptocurrencies, while AI development platforms are used to establish persistence and deploy ransomware.
Finally, they allegedly released malicious AI servers to impersonate trusted services and intercept sensitive data.
It was also highlighted that AI now plays a central role in zero-day and cloud exploitation. Nearly half (42%) of vulnerabilities were exploited before being publicly disclosed, while cloud-based incursions increased by more than a third (37%).
State-sponsored threat actors are particularly active in this regard: Russia-affiliated Fancy Bear, Punk Spider, North Korea’s Famous Chollima and Pressure Chollima are among those identified as particularly active.
Activity from Chinese and North Korean hackers increased 38% last year, CrowdStrike added, saying they primarily targeted the logistics sector.
“This is an AI arms race,” said Adam Meyers, head of counter-adversarial operations at CrowdStrike. “Escape time is the clearest signal of intrusion progress. Adversaries go from initial access to lateral movement in minutes. AI reduces the time from intent to execution while turning enterprise AI systems into targets. Security teams must operate faster than the adversary to win.”
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
