CrowdStrike 2026 Global Threat Report: The definitive threat intelligence report for the AI era

27 sec: the fastest recorded eCrime breakout time
89% increase in attacks by AI-enabled adversaries
82% of detections in 2025 were malware-free

A definitive look at the cyber threat landscape

  • Key adversary activity and events from 2025
  • How AI is scaling attacks and lowering barriers to entry
  • Expert guidance to defend against threats in the AI era

AI threats have reached a critical turning point

89% increase in attacks by AI-enabled adversaries

AI is now a dual threat: It acts as a force multiplier for cyberattacks while introducing a new attack surface.

90+ organizations had legitimate AI tools exploited to generate malicious commands and steal sensitive data.

ChatGPT was mentioned in criminal forums 550% more than any other model.

The race against time: breakout speed accelerates

As adversaries move faster than ever, the window for detection and response continues to shrink, demanding real-time visibility and automated response capabilities.

Punk Spider

27 sec: fastest eCrime breakout time on record

65% increase in average breakout speed year over year

Edge device and cross-domain attacks escalate

By exploiting visibility gaps, adversaries move fluidly across identity, cloud, and virtual environments while avoiding heavily monitored endpoints to evade detection.

OPERATOR PANDA

40% of vulnerabilities exploited by China-nexus adversaries targeted edge devices

266% increase in cloud-conscious intrusions by state-nexus threat actors

Adam Meyers

Sr. VP of Counter Adversary Operations, CrowdStrike

Cristian Rodriguez

CTO of Americas, CrowdStrike

J Meyers

Director, OverWatch, CrowdStrike

AI-Accelerated Threat Landscape: Year of the Evasive Adversary

Virtual Threat Briefing

CrowdStrike's experts reveal how threat actors are evading traditional defenses by weaponizing AI, exploiting cross-domain blind spots, and targeting unmanaged edge devices.

Know them. Find them. Stop them.

Explore the Adversary Hub to learn how the world’s most dangerous threat actors are targeting organizations like yours.

Outpace AI-enabled cyberattacks.

FAQs

The CrowdStrike Counter Adversary Operations team performs research that identifies new adversaries, monitors their activities, and captures emerging cyber threat developments. This intelligence is used to conduct proactive threat hunting across the customer base to enable the detection of new and evolving adversary tradecraft.

  • The average eCrime breakout time dropped to just 29 minutes — a 65% increase in speed from 2024
  • 89% increase in attacks from AI-enabled adversaries 
  • 82% of detections were malware-free
  • 42% increase in zero-day vulnerabilities exploited prior to public disclosure 
  • 1.46 billion USD, record-breaking cryptocurrency heist

Adversaries are no longer “breaking in” — they’re logging in, compromising supply chains, and weaponizing zero-day vulnerabilities. They leverage AI to scale their operations and use cross-domain tradecraft to move fluidly between identity, cloud, and edge environments.

In 2025, adversaries revolutionized their attacks by integrating AI across their operations. Demonstrating increasing fluency with AI tools, adversaries incorporated the technology into their intrusion tradecraft, social engineering activity, and information operations campaigns. This shift has enabled both nation-state and eCrime threat actors to execute attacks with greater efficiency and reach than ever before.

Source: Based on the CrowdStrike Counter Adversary Operations team’s proprietary threat intelligence gathered in 2025.