- Average breakout time is now just 29 minutes; the fastest observed is 27 seconds.
- GenAI accelerates intrusions, enabling rapid credential theft, evasion and data exfiltration.
- Adversaries also target AI systems with malicious prompts, exploit zero-days, and expand attacks to the cloud.
Hackers have never moved as quickly through corporate networks as they do today, new research claims, urging businesses to up their game when it comes to online protection.
The latest CrowdStrike 2026 Global Threat Report found that the average breakout time is now just 29 minutes, a 65% increase in speed compared to just a year ago. Hackers can do this by employing Generative Artificial Intelligence (GenAI), CrowdStrike said.
According to an internal analysis, researchers found that the fastest breakout ever observed occurred in just 27 seconds. In one breach, data exfiltration began four minutes after initial access.
AI arms race
“AI-enabled adversaries increased operations by 89% year over year, weaponizing AI in reconnaissance, credential theft, and evasion,” CrowdStrike said.
“Intrusions now move across trusted identities, SaaS applications and cloud infrastructure, blending in with normal activity and compressing defenders’ response time. AI is both the accelerator and the target.”
Speaking of AI being a target itself, CrowdStrike found that criminals are injecting malicious prompts into GenAI tools at more than 90 organizations, while also abusing AI development platforms.
Prompts generate commands that steal login credentials and send cryptocurrency, while AI development platforms are used to establish persistence and deploy ransomware.
Finally, they were said to have published malicious AI servers to impersonate trusted services and intercept sensitive data.
It was also highlighted that AI now plays a critical role in cloud and zero-day exploitation. Nearly half (42%) of vulnerabilities were exploited before they were publicly disclosed, while cloud-based incursions increased by more than a third (37%).
State-sponsored threat actors are particularly active in that regard: Russia-affiliated Fancy Bear, Punk Spider, and North Korea's Famous Chollima and Pressure Chollima are among those noted.
Activity by Chinese and North Korean hackers increased 38% last year, CrowdStrike added, saying they were primarily targeting the logistics sector.
“This is an AI arms race,” said Adam Meyers, head of adversary operations at CrowdStrike. “Time to breakthrough is the clearest sign of how intrusion has changed. Adversaries are moving from initial access to lateral movement in minutes. AI is compressing the time between intent and execution while turning enterprise AI systems into targets. Security teams must operate faster than the adversary to win.”




