In recent years, cybercriminals have increasingly leveraged artificial intelligence (AI) to conduct rapid and sophisticated network intrusions. The 2026 Global Threat Report by CrowdStrike highlights a significant 89% rise in AI-enabled attacks compared to the previous year, illustrating a concerning trend in the cybersecurity landscape.
Rapid Intrusions Define 2025 Cyber Threats
The swiftness of cyber attacks became a hallmark of 2025, with the average time from initial access to full domain compromise shrinking dramatically. The eCrime breakout time, a critical metric in assessing attack speed, was reduced to just 29 minutes – a 65% acceleration from 2024. One case reported an astonishingly quick 27-second breakout, with data exfiltration attempts occurring within four minutes of gaining access.
Weaponization of AI Tools
CrowdStrike’s analysis reveals that the acceleration of these intrusions is closely tied to the exploitation of AI technologies. Cyber actors are not only crafting custom malware but also manipulating legitimate AI tools by embedding malicious prompts. In August 2025, threat actors embedded harmful JavaScript into Node Package Manager (npm) packages, targeting local AI applications like Claude and Gemini to compromise authentication credentials and cryptocurrency.
Case Studies: CHATTY SPIDER and More
One notable incident involved the eCrime group CHATTY SPIDER, which targeted a U.S. law firm through a sophisticated voice phishing scam. The attackers managed to gain remote access via Microsoft Quick Assist, attempting to send stolen data within minutes. Although initial data exfiltration efforts were thwarted by firewall protections, the attackers quickly adapted by using Google Drive. Fortunately, CrowdStrike’s OverWatch team intervened to prevent data loss.
AI-Driven Deception and Ransomware
Beyond individual attacks, groups like FAMOUS CHOLLIMA developed AI-assisted attack pipelines that spanned multiple phases, leveraging tools such as ChatGPT and GitHub Copilot. These tools facilitated the creation of fake identities and management of numerous fraudulent operations. Meanwhile, PUNK SPIDER, a leading ransomware actor, utilized AI-generated scripts to extract credentials and evade traditional security measures.
Adapting to AI-Enhanced Threats
The rise of AI in cyber attacks calls for enhanced vigilance. Organizations are advised to closely monitor AI tool usage and ensure timely patching of AI platforms. Regular audits of npm dependencies and broad visibility across identity, cloud, and SaaS environments are crucial to detecting and mitigating these fast-evolving threats.
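One way to start the npm dependency audit recommended above, as an added example (not code from CrowdStrike's report or from this article): it scans a parsed package-lock.json for entries that declare install-time scripts, resolve outside the public registry, or lack a strong integrity hash. The package names, URLs, hashes and the install-script allowlist are constructed assumptions, and the article does not say which mechanism the August 2025 packages used.

```javascript
// Added example. Input is a parsed package-lock.json (lockfileVersion 2 or 3).
// The install-script allowlist is a hypothetical local policy.
const REGISTRY = "https://registry.npmjs.org/";

function auditLockfile(lock, allowInstallScripts = new Set()) {
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    // Skip the root project, workspace sources and symlinked workspaces.
    if (!path.includes("node_modules/") || pkg.link) continue;
    // "node_modules/a/node_modules/@s/b" -> "@s/b"
    const name = path.slice(path.lastIndexOf("node_modules/") + 13);
    const add = (rule, detail) => findings.push({ name, version: pkg.version, rule, detail });
    // Lifecycle scripts execute code at install time, before any review.
    if (pkg.hasInstallScript && !allowInstallScripts.has(name))
      add("install-script", "package declares install-time lifecycle scripts");
    // Tarballs from git or arbitrary hosts bypass registry-side controls.
    if (pkg.resolved && !pkg.resolved.startsWith(REGISTRY))
      add("non-registry-source", pkg.resolved);
    // Without a strong hash the locked tarball content is not pinned.
    if (!pkg.inBundle && !pkg.integrity)
      add("missing-integrity", "no integrity hash recorded");
    else if (pkg.integrity && !/^sha(256|384|512)-/.test(pkg.integrity))
      add("weak-integrity", pkg.integrity.split("-")[0]);
  }
  return findings;
}

// Constructed sample lockfile: package names, URLs and hashes are made up.
const sampleLock = {
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-utils": { version: "2.1.0",
      resolved: REGISTRY + "example-utils/-/example-utils-2.1.0.tgz",
      integrity: "sha512-CONSTRUCTED" },
    "node_modules/example-native": { version: "4.0.2", hasInstallScript: true,
      resolved: REGISTRY + "example-native/-/example-native-4.0.2.tgz",
      integrity: "sha512-CONSTRUCTED" },
    "node_modules/example-utils/node_modules/@constructed/telemetry": {
      version: "0.0.9", hasInstallScript: true,
      resolved: REGISTRY + "@constructed/telemetry/-/telemetry-0.0.9.tgz",
      integrity: "sha512-CONSTRUCTED" },
    "node_modules/example-fork": { version: "1.0.0",
      resolved: "https://example.invalid/example-fork-1.0.0.tgz" },
    "node_modules/example-legacy": { version: "0.3.1",
      resolved: REGISTRY + "example-legacy/-/example-legacy-0.3.1.tgz",
      integrity: "sha1-CONSTRUCTED" },
  },
};
for (const f of auditLockfile(sampleLock, new Set(["example-native"])))
  console.log(`${f.rule}\t${f.name}@${f.version}\t${f.detail}`);
```

A finding is a prompt for review, not a verdict: many legitimate packages ship install scripts, which is why the allowlist exists.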
