CrowdStrike: AI-Powered Threats Shape Security Landscape

Although AI was once billed as cyber security's next great opportunity for protecting organisations from malicious actors, it is now also one of the field's biggest risks.
CrowdStrike’s 2025 Threat Hunting Report paints a stark picture of an evolving cyber threat landscape powered by AI adoption and innovation by adversaries.
It reveals that cyber criminals have weaponised Gen AI to deceive, penetrate and persist within enterprise environments at record pace and scale.
This year, the report frames an “arms race” in cyber operations — with both eCrime and nation state actors leveraging Gen AI to drive unprecedented speed, scale and deception.
CrowdStrike’s 2025 Threat Hunting Report, in brief
CrowdStrike’s latest view paints a stark portrait of the modern challenges facing cybersecurity.
Over the past year, interactive intrusions — active, hands-on breaches where attackers adapt their tactics in real time — have surged by 27%, which CrowdStrike says highlights that “adversaries are innovating their operations to bypass legacy detection methods”.
CrowdStrike also finds that 81% of these intrusions were malware-free, as threat actors increasingly act as “legitimate users” within networks.
It reports that eCrime, driven by financial gain, accounts for nearly three-quarters of these breaches.
But even nation state adversaries are now leveraging AI to execute espionage and steal critical data.
The role of Gen AI
Gen AI, CrowdStrike says, is at the heart of this transformation.
North Korea-linked FAMOUS CHOLLIMA stands out as the most proficient example. Its operatives have used Gen AI to craft synthetic résumés and cover letters, deploy real-time deepfake video during remote interviews and leverage AI code assistants to perform technical tasks under false identities.
More than 320 companies were infiltrated in the past year — a 220% increase — with most never suspecting an insider threat powered by AI.
These North Korean IT workers hold several jobs at once and rely on Gen AI tools to mask limited English, handle communications and manage their workloads, often escaping detection both during hiring and in day-to-day operations.
But AI’s impact extends far beyond insider threats.
Russian and Iranian adversaries have harnessed large language models to craft convincing phishing lures and information operations.
These AI-generated campaigns amplify disinformation, as seen with Russian EMBER BEAR’s pro-Kremlin propaganda and Iran-linked CHARMING KITTEN’s multilingual phishing attacks targeting Western organisations.
CrowdStrike also emphasises that malware is entering a new era. In early cases such as FunkLocker and SparkCat, it finds signs that AI was used to automate script generation, solve technical problems and even select which images to exfiltrate.
Are traditional cyber defences losing ground?
Perhaps the most alarming trend highlighted by CrowdStrike is the erosion of traditional cyber defences.
The report shows adversaries like SCATTERED SPIDER bypassing endpoint detection completely.
Their favoured tactics involve impersonating employees in vishing — voice phishing — attacks, exploiting help desk workflows to reset passwords and MFA, then quickly moving laterally through cloud and SaaS environments.
In one high-profile case, this group progressed from initial account compromise to ransomware deployment in just 24 hours — one-third faster than their record a year earlier.
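The help-desk pattern described above (a password or MFA reset obtained by phone, followed within minutes by sign-ins from an unfamiliar device to several cloud and SaaS applications) leaves no malware for endpoint tooling to catch, which is also why such "legitimate user" intrusions count as malware-free in the report. The correlation below is an added example of how identity logs alone can surface it; it is not CrowdStrike's or the report's code. The event schema, field names, the help-desk actor account name and the sample events are constructed assumptions, and a real deployment would map its identity provider's audit logs onto them.

```python
"""Correlate help-desk credential/MFA resets with anomalous follow-on sign-ins.

Added example, not CrowdStrike code. The log schema, field names, the
help-desk actor name and the sample events below are constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)      # how long after a reset we watch sign-ins
LOOKBACK = timedelta(days=30)    # history that defines a user's "known" device/IP
HELPDESK_ACTORS = {"helpdesk-svc"}             # assumed: accounts the help desk acts as
RESET_TYPES = {"mfa_reset", "password_reset"}

# Constructed identity-provider events (assumed schema); 'ts' is ISO-8601 UTC.
EVENTS = [
    {"ts": "2025-06-01T08:00:00", "type": "signin", "user": "alice", "ip": "203.0.113.5", "device": "LAPTOP-A1", "app": "mail"},
    {"ts": "2025-06-10T09:00:00", "type": "signin", "user": "alice", "ip": "203.0.113.5", "device": "LAPTOP-A1", "app": "chat"},
    # help desk resets alice's MFA and password after a phone call
    {"ts": "2025-06-12T14:02:00", "type": "mfa_reset", "user": "alice", "actor": "helpdesk-svc", "channel": "phone"},
    {"ts": "2025-06-12T14:03:30", "type": "password_reset", "user": "alice", "actor": "helpdesk-svc", "channel": "phone"},
    # new device, new IP, burst of SaaS access within minutes
    {"ts": "2025-06-12T14:09:00", "type": "signin", "user": "alice", "ip": "198.51.100.77", "device": "UNKNOWN-9F", "app": "mail"},
    {"ts": "2025-06-12T14:11:00", "type": "signin", "user": "alice", "ip": "198.51.100.77", "device": "UNKNOWN-9F", "app": "files"},
    {"ts": "2025-06-12T14:15:00", "type": "signin", "user": "alice", "ip": "198.51.100.77", "device": "UNKNOWN-9F", "app": "cloud-console"},
    # bob: help-desk reset, then sign-in from his usual laptop and IP -> benign
    {"ts": "2025-06-05T10:00:00", "type": "signin", "user": "bob", "ip": "192.0.2.10", "device": "LAPTOP-B2", "app": "mail"},
    {"ts": "2025-06-12T15:00:00", "type": "mfa_reset", "user": "bob", "actor": "helpdesk-svc", "channel": "phone"},
    {"ts": "2025-06-12T15:05:00", "type": "signin", "user": "bob", "ip": "192.0.2.10", "device": "LAPTOP-B2", "app": "mail"},
]


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def _episodes(resets, window):
    """Merge a user's consecutive help-desk resets that fall within `window`
    of the episode start into one episode (start time, list of reset types),
    so an MFA reset plus a password reset a minute later raise one alert."""
    episodes = []
    for r in sorted(resets, key=_ts):
        t = _ts(r)
        if episodes and t - episodes[-1]["start"] <= window:
            episodes[-1]["reset_types"].append(r["type"])
        else:
            episodes.append({"start": t, "reset_types": [r["type"]]})
    return episodes


def detect_helpdesk_reset_takeover(events, window=WINDOW, lookback=LOOKBACK, min_apps=2):
    """Return one alert per help-desk reset episode that is followed, within
    `window`, by sign-ins from a device or IP the user had not used during
    `lookback`, reaching at least `min_apps` distinct applications."""
    events = sorted(events, key=_ts)
    signins, resets = defaultdict(list), defaultdict(list)
    for e in events:
        if e["type"] == "signin":
            signins[e["user"]].append(e)
        elif e["type"] in RESET_TYPES and e.get("actor") in HELPDESK_ACTORS:
            resets[e["user"]].append(e)

    alerts = []
    for user, user_resets in resets.items():
        for ep in _episodes(user_resets, window):
            t0 = ep["start"]
            prior = [s for s in signins[user] if t0 - lookback <= _ts(s) < t0]
            known_devices = {s["device"] for s in prior}
            known_ips = {s["ip"] for s in prior}
            # Sign-ins after the reset from a device or address new to this user.
            suspicious = [s for s in signins[user]
                          if t0 < _ts(s) <= t0 + window
                          and (s["device"] not in known_devices or s["ip"] not in known_ips)]
            apps = sorted({s["app"] for s in suspicious})
            if len(apps) < min_apps:
                continue
            alerts.append({
                "user": user,
                "reset_at": t0.isoformat(),
                "reset_types": ep["reset_types"],
                "minutes_to_first_signin": (_ts(suspicious[0]) - t0).total_seconds() / 60,
                "new_devices": sorted({s["device"] for s in suspicious} - known_devices),
                "new_ips": sorted({s["ip"] for s in suspicious} - known_ips),
                "apps": apps,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_helpdesk_reset_takeover(EVENTS):
        print(alert)
```

Two caveats when tuning this: an account with no sign-in history inside the lookback (a new hire, or a user returning from long leave) has no known devices, so every post-reset sign-in looks new and the rule will fire; and an attacker who registers a new MFA factor but waits longer than the window before using it slips past a purely time-boxed correlation, so the reset itself should also land in a review queue tied to the help-desk ticket and caller verification.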
According to CrowdStrike, cloud environments have emerged as a frontline battleground.
The first half of 2025 saw a 136% rise in cloud intrusions, with China-nexus actors such as GENESIS PANDA and MURKY PANDA exploiting misconfigurations and trusted relationships to pivot across organisations.
Telecommunications companies in particular have been in the crosshairs, suffering a 130% spike in nation-state activity, as adversaries pursue "long game" intelligence collection that is both patient and devastatingly persistent.
With this being the state of play, CrowdStrike urges that the defensive playbook must change.
It says that organisations must embrace AI defensively, not just as a detection tool, but to operationalise reasoning-capable systems that autonomously triage alerts, investigate indicators and hunt threats across endpoints, cloud and identity infrastructure.
At the same time, it emphasises that user education and process resilience are critical — help desks and users must be drilled in recognising social engineering that now combines human cunning with AI precision.