Published by CrowdStrike in February 2026, this annual global threat report draws on frontline intelligence from CrowdStrike's Counter Adversary Operations team tracking over 280 named adversaries. The 2026 edition establishes 2025 as the year of the evasive adversary: a threat landscape defined by speed, stealth and the exploitation of trusted systems rather than obvious malware.
The headline statistics are stark. The average eCrime breakout time — the window between initial access and lateral movement to another system — fell to 29 minutes, a 65% increase in speed from 2024. The fastest observed breakout occurred in just 27 seconds. AI-enabled adversary activity increased 89% year on year, with threat actors integrating AI into social engineering, credential theft and evasion tactics across their operations.
A defining theme is that 82% of detections were malware-free: adversaries increasingly used legitimate credentials, trusted identity flows and approved SaaS integrations to move across environments without triggering traditional detection. Cloud-conscious intrusions rose 37% overall, with a 266% increase among state-nexus actors. Zero-day exploitation increased 42% year on year.
Perhaps most significantly, AI systems are themselves becoming an attack surface. Over 90 organisations had legitimate AI tools exploited through malicious prompt injection to generate credential-theft commands. CrowdStrike also observed adversaries abusing AI development platforms and publishing malicious AI servers impersonating trusted services.
For any organisation handling sensitive data — including DMOs managing visitor data and digital infrastructure — the report provides the definitive annual benchmark for understanding the evolving threat landscape.