In 2025, it took cybercriminals less time to move laterally across a network after breaking in than it does to watch a typical sitcom This article explores threat report speed. . After establishing an initial foothold in a victim environment, attackers took an average of just 29 minutes to pivot to other systems, according to a CrowdStrike analysis of threat activity from the previous year.
This represents a 65% acceleration from the previous year. In one case, an attacker started exfiltrating data four minutes after breaking in, while the fastest "breakout"—as CrowdStrike called it—took only 27 seconds. According to CrowdStrike's 2026 edition of its Global Threat Report, "Speed is now the defining characteristic of intrusion, and it has fundamentally reshaped how adversaries evade detection."
For defenders, this means that the amount of time available to identify and react to an intrusion has drastically decreased and is continuing to do so. Chinese actors have diligently concentrated on accelerating the time to exploit recently revealed vulnerabilities in addition to discovering new ones, hoping to reduce the time to two days, he says. Related: New Cybersecurity Issues Are Caused by Emerging Chiplet Designs ## AI as an Attack Surface and Weapon Meanwhile, cybercriminals began to use AI as both a weapon and a target.
A growing number of threat actors, such as organized crime and nation-state actors, are using AI to speed up reconnaissance, create phishing content, create exploits, get around defenses, and troubleshoot current attack tools and techniques in real time. According to CrowdStrike's report, organizations that heavily utilize artificial intelligence (AI) in their operations include Russia's Fancy Bear, North Korea's Famous Chollima, and the Punk Spider ransomware group. Overall, the number of attacks carried out by attackers who used AI the most in 2025 increased by an astounding 89% compared to the previous year.
