Cyber Attacks Skirt Corporate Defenses With AI, Cloud Intrusions

Cybercriminals are increasingly evading companies’ traditional detection capabilities by weaponizing AI and trusted systems to get quicker and wider access inside businesses, according to a new report.

Adversaries are mimicking authorized activity inside businesses’ systems, which makes it harder for companies to identify intrusions, according to CrowdStrike’s 2026 Global Threat Report. Cloud infrastructure, specifically, has become a go-to entry point, with a jump in state-related threat actors targeting cloud environments last year. The 2025 analysis released Tuesday found cyber attackers are also moving faster: it took them 29 minutes last year to move from one system to another, known as the breakout time, compared to 48 minutes in 2024.

“Defenders have to work nearly twice as hard as they did two years ago,” said Adam Meyers, CrowdStrike’s senior VP of Counter Adversary Operations, during a press briefing.

Companies face more evasive threat actors this year, according to the report, which echoed other warnings that as more businesses embed AI into their core processes, the more risks will grow. AI models, training data, AI agents, and supply chains are all vulnerable to bad actors, said CrowdStrike, which tracks more than 280 adversaries.

“We’ve seen threat actors moving pretty consistently in under five minutes, going from initial access to as far as ransomware deployment,” Meyers said. As the speed of attacks continues to increase, “defenders need to figure out a way to keep pace with that,” he added.

AI-Enhanced Attacks

Cyber threat actors using AI significantly increased their attack volume in 2025, with a 89% jump in cyber attacks from AI-enabled adversaries, the report said. Still, AI continues to largely enhance existing attack methods, rather than create new vectors.

In 2025, adversaries largely used AI to boost their social engineering operations’ credibility and scale. For example, Chinese intelligence services used AI to create consulting firms to target former US government employees on job recruitment platforms, the report found.

Cyber actors also started to dabble with agentic AI, according to CrowdStrike. The report cited evidence of cybercriminals using agentic AI, including Anthropic tools, to craft attacks—though not yet at scale.

China-Related Actors

China-related adversaries continued to dominate the threat landscape in 2025, the report said, with their intrusions increasing by 38% from 2024.

In particular, attacks targeting telecommunications jumped by 30% and those against financial services increased by 20% between 2024 and 2025, the report said.

After gaining access to businesses’ systems, adversaries are maintaining long-term access to collect intelligence, CrowdStrike said. The cyber provider warned that internet-facing appliances and edge devices, such as routers, will likely remain a target of China-linked adversaries in 2026.

“Targeting of network devices is really important for China. They find lots of vulnerabilities there, and they’re able to stay under the radar on those devices because they’re not managed. Defenders don’t really have the visibility,” Meyers said.

Cloud Intrusions Rise Sharply

Threat actors largely operating on behalf of China and Russia increased their investment in targeting the cloud in 2025, which enabled a 266% jump in cloud intrusions by state-related threat actors in 2025, the report said.

Cloud environments increasingly underpinned espionage and disruptive cyber campaigns last year, with CrowdStrike’s intelligence team citing a 37% overall rise in cloud intrusions compared to 2024—signaling widespread adversary interest.

Those numbers should put businesses on alert, CrowdStrike said.

“Nation states have started to realize that the cloud is key to the modern enterprise, and if they gain access to the cloud, it gives them opportunity to go to a whole range of other targets within the environment,” Meyers said. “So cloud is increasingly being targeted, and something that organizations really need to pay close attention to.”