Threat actors are not only using AI tools – they’re now also going after the AI agents employed by large enterprises, according to a new CrowdStrike report.
CrowdStrike has released its 2025 Threat Hunting Report, and one of the key takeaways from the last 12 months of adversary activity is that hackers are continuing to take advantage of AI to support their operations.
“The AI era has redefined how businesses operate, and how adversaries attack. We’re seeing threat actors use GenAI to scale social engineering, accelerate operations, and lower the barrier to entry for hands-on-keyboard intrusions,” Adam Meyers, CrowdStrike’s head of counter adversary operations, said in a statement.
The uptake of malicious AI is being led by nation-state hacking groups. The North Korean-backed Famous Chollima has used AI heavily in its fake IT worker campaigns, from creating fake résumés to using deepfakes to pass virtual interviews. The Iran-linked Charming Kitten, on the other hand, has deployed phishing lures built by its own large language model, while Russia-based Ember Bear has used generative AI to push pro-Russian propaganda.
And while hackers are turning to AI as a tool, they’re also exploiting it as a target.
“At the same time, adversaries are targeting the very AI systems organisations are deploying. Every AI agent is a superhuman identity: autonomous, fast, and deeply integrated, making them high-value targets,” Meyers said.
“Adversaries are treating these agents like infrastructure, attacking them the same way they target SaaS platforms, cloud consoles, and privileged accounts. Securing the AI that powers business is where the cyber battleground is evolving.”
CrowdStrike’s analysts have observed several threat actors taking advantage of vulnerabilities in tools used to build and deploy AI agents. Through these attacks, hackers have gained unauthenticated access, established persistence, harvested credentials, and deployed malware.
At the lower end of the cyber criminal ecosystem, hackers and hacktivists are using AI to solve coding problems, build malware, and create scripts.
Outside of AI developments, the last 12 months saw cloud intrusions increase by 75 per cent, with one group – Scattered Spider – being responsible for 29 per cent of all cloud-conscious intrusions. Attacks involving remote monitoring and access tools also rose by 70 per cent year-on-year; 27 per cent of all hands-on-keyboard attacks over the last 12 months took advantage of RMM tools in some way.
You can read the full 2025 Threat Hunting Report here.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.