AI accelerates lateral movement in cyberattacks



Dive Brief:

  • Hackers are increasingly integrating artificial intelligence into all phases of the cyberattack life cycle, with the technology regularly analyzing target information, generating phishing emails and providing coding assistance, security firm ReliaQuest said in a report published on Tuesday.
  • Other recent reports from IBM and cyber insurer Resilience similarly highlight how AI has changed the threat landscape.
  • At the same time, a new Sophos report said it was important to put in perspective AI’s capabilities and impact.

Dive Insight:

AI is dramatically speeding up key stages of a cyberattack, according to ReliaQuest’s latest report.

Thanks to automation, adversaries can begin moving laterally across a victim network within as little as four minutes, an 85% drop from the fastest-observed lateral movement in 2024. The average amount of time it took hackers to move laterally in a victim’s network dropped 29%, from 48 minutes in 2024 to 34 minutes in 2025. 

Data exfiltration is also speeding up, with the fastest attack taking roughly six minutes — a dramatic decline from more than four hours in 2024. AI and automation have played an important role in that evolution, with ReliaQuest finding that 80% of ransomware groups are now using one or both technologies, including for stealing data.

One piece of AI-powered malware illustrates the trends that ReliaQuest’s report describes: the BoaLoader malware, which researchers said “reflects the first major convergence of AI-assisted development, social engineering, and traditional cybercrime.” Despite BoaLoader only appearing toward the end of 2025, ReliaQuest observed hackers using it in roughly one-fifth of all incidents last year.

“AI and automation have changed the game in cybersecurity, allowing threat actors to move faster than any human alone can combat,” Mike McPherson, a senior vice president at ReliaQuest, said in the press release, urging businesses to adopt defensive AI in response.

Resilience’s annual claims report also warned about AI. “The phishing resurgence documented in 2025 suggests AI is making a significant impact on the threat landscape,” the insurer said. In 2024, the company saw phishing decline due to improved user awareness, but in 2025, losses escalated dramatically, reaching an average of more than $1.6 million per claim. AI has played a major role in that trend, Resilience said, citing research showing how the technology can turbocharge phishing attacks.

IBM’s latest threat intelligence report, published on Wednesday, similarly describes AI as transformative. The technology “is reshaping attacker operations by compressing decision cycles and enabling faster experimentation during active intrusions,” researchers wrote. AI tools can quickly analyze large volumes of data and make quick changes to attack strategies, giving hackers flexibility and scale that they would lack without AI. 

“This operational flexibility increases dwell-time risk and places greater strain on security teams that depend on fixed rules, signatures or delayed analysis to detect malicious activity,” IBM said.

Attackers also benefit from a lack of guardrails, whereas defenders must comply with legal and governance safeguards as they use AI. This could help hackers “operationalize new capabilities faster than most enterprises,” IBM said. “As a result, defensive use of AI does not automatically provide an advantage.”

Sophos’ latest report echoed other findings about AI’s potential but offered a cautionary note about assessing its current impact.

“While it seems inevitable that GenAI will someday cross the threshold into fully autonomous attacks, and possibly generate novel attack vectors and malware along the way, we aren’t there yet,” the company said.

Even so, researchers added, the technology does offer hackers “speed, volume, and democratization,” helping low-skilled criminals “launch phishing campaigns at scale and faster than ever before.”


