AI helps scale attacks as threat groups move at record speeds


Threat actors are using AI to increase the speed and scale of their hacking toolkits, setting records for attack speeds that outpace security teams, according to a report released on Tuesday by CrowdStrike.

The average time for an electronic crime to occur in 2025 reached 29 minutes, an increase of 65% from the previous year, according to the report. The fastest breakout time observed in 2025 was just 27 seconds, compared to 51 seconds the previous year.

Researchers define breakout time as the period of time between the initial intrusion and the time the attacker is able to move on to another system. In one particular case, hackers were able to exfiltrate data within four minutes of gaining initial access.

CrowdStrike researchers believe that faster breakout times will put additional pressure on security teams to detect and respond to attacks. Adam Meyers, who is responsible for counter-adversary operations at CrowdStrike, likened the role of a network defender to a security guard in a building lobby.

“If an attacker sneaks past the security guard and gets into the elevator, you now have to go floor to floor and door to door to understand everything about where they went,” Meyers said on a conference call. “What did they touch? What did they get into?”

Threat groups are also exploiting legitimate AI tools as part of their attacks. Approximately 90 organizations were affected after hackers injected malicious prompts into these tools in order to steal credentials or cryptocurrency.

According to the report, nation states and criminal organizations have increased their use of AI by about 90%. For example, the nation-state threat group Fancy Bear used AI-enabled malware called LameHug to automate document collection and reconnaissance operations.

A cybercriminal tracked as Punk Spider used AI-generated scripts to erase forensic evidence and accelerate credential dumping. Cheonlima, a well-known North Korea-related threat actor, used AI-generated personas in insider attacks.

The report confirms growing concerns about threat groups adding AI tools to scale their attacks. In November, Anthropic reported that adversaries linked to China exploited AI-based coding tools in a global espionage operation that attacked 30 different organizations.


