Debunking the AI Hype: Inside Real Hacker Tactics


Feb 18, 2025 | The Hacker News | Artificial Intelligence / Cyber Defense

Is AI really reshaping the cyber threat landscape, or is the constant drumbeat of hype drowning out more tangible, real-world dangers? According to Picus Labs' Red Report 2025, which analyzed over one million malware samples, there has so far been no significant surge in AI-driven attacks. Adversaries are certainly continuing to innovate, and AI will play a larger role over time, but the latest data shows that a set of well-known tactics, techniques, and procedures (TTPs) still dominates the field.

The hype around artificial intelligence has certainly been dominating media headlines; yet the real-world data paints a far more nuanced picture of which malware threats are thriving, and why. Here’s a glimpse at the most critical findings and trends shaping the year’s most deployed adversarial campaigns and what steps cybersecurity teams need to take to respond to them.

Why the AI Hype is Falling Short…at Least For Now

While headlines trumpet AI as a one-size-fits-all new secret weapon for cybercriminals, the statistics, so far, tell a very different story. After poring over the data, Picus Labs found no meaningful upswing in AI-based tactics in 2024. Adversaries have started using AI for efficiency gains, such as crafting more credible phishing emails or writing and debugging malicious code, but in the vast majority of attacks they have not yet tapped anything transformational. The Red Report 2025 data shows that the majority of attacks can still be thwarted by focusing on tried-and-true TTPs.

“Security teams should prioritize identifying and addressing critical gaps in their defenses, rather than fixating on the potential influence of AI.” — Picus Red Report 2025

Credential Theft Spikes More Than 3X (8% → 25%)

Attackers are increasingly targeting password stores, browser-stored credentials, and cached logins, then using the stolen credentials to escalate privileges and move laterally within networks. This threefold jump underscores the urgent need for ongoing, robust credential management combined with proactive threat detection.

Modern infostealer malware runs multi-stage heists that blend stealth, automation, and persistence. With legitimate processes cloaking malicious operations and ordinary day-to-day network traffic hiding the data uploads, attackers can exfiltrate data right under a security team's nose, with no Hollywood-style "smash-and-grab" needed. Think of it as the digital equivalent of a perfectly choreographed burglary, except that the criminals don't peel out in a getaway car; they lurk silently, awaiting the next misstep or opening.

93% of Malware Uses at Least One Top 10 MITRE ATT&CK Technique

Despite the expansive MITRE ATT&CK® framework, most adversaries stick to a core set of TTPs. Among the Top 10 ATT&CK techniques provided in the Red Report, the following exfiltration and stealth techniques remain the most used:

The combined effect? Legitimate-seeming processes use legitimate tools to collect data and transmit it over widely used network channels. Not surprisingly, these techniques are difficult to detect through signature-based methods alone, since each step in isolation looks like normal activity. Behavioral analysis that correlates several of these techniques together, on the same host or from the same process and within a short time window, makes anomalies far easier to spot. Security teams need to focus on finding malicious activity that is virtually indistinguishable from normal network traffic when viewed one event at a time.
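The following is an added example, not code from the Red Report or from Picus; it illustrates the point made above about infostealers and about correlating techniques rather than matching single events. It runs a few behavioral rules over constructed endpoint telemetry (the hosts, paths, domains and event tuples are all made up for the demo), tags each event with an ATT&CK technique ID where one applies, and raises an alert only when one process on one host exhibits at least two distinct techniques inside a time window. The technique IDs used (T1036.005 Masquerading: Match Legitimate Name or Location, T1555.003 Credentials from Web Browsers, T1567 Exfiltration Over Web Service) are standard ATT&CK identifiers chosen for illustration; they are not a claim about which techniques appear in the report's Top 10. The approved-upload host list is a hypothetical allowlist.

```python
"""Correlating several weak ATT&CK signals per process into one alert.

Added example with constructed telemetry; not part of the original article.
Event tuple layout: (timestamp_s, host, process_name, action, target, bytes)
"""
from collections import defaultdict

# File names that hold saved logins/cookies in Chromium- and Firefox-based browsers.
BROWSER_CRED_FILES = ("login data", "local state", "cookies", "logins.json", "key4.db")
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
# Well-known Windows binaries that malware likes to impersonate by name.
SYSTEM_BINARIES = {"svchost.exe", "explorer.exe", "lsass.exe", "winlogon.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Hypothetical allowlist of destinations the organisation lets clients upload to.
APPROVED_UPLOAD_HOSTS = {"sync.example.com"}
# Uploads at or above this size to a non-approved host count as a possible exfil.
EXFIL_MIN_BYTES = 100_000

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # WS02: a browser reading its own credential store and syncing to an approved host.
    (1000, "WS02", "chrome.exe", "file_read",
     r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data", 0),
    (1020, "WS02", "chrome.exe", "http_post", "https://sync.example.com/upload", 250_000),
    # WS01: an infostealer named svchost.exe, started from a user-writable directory,
    # reading two browsers' credential stores and posting a large blob to an unknown host.
    (2000, "WS01", "svchost.exe", "proc_start", r"C:\Users\alice\AppData\Roaming\svchost.exe", 0),
    (2005, "WS01", "svchost.exe", "file_read",
     r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Local State", 0),
    (2006, "WS01", "svchost.exe", "file_read",
     r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data", 0),
    (2007, "WS01", "svchost.exe", "file_read",
     r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2z3.default\logins.json", 0),
    (2090, "WS01", "svchost.exe", "http_post", "https://files.example.net/api/upload", 480_000),
    # WS03: a backup agent touching a cookie file but uploading only to the approved host.
    (3000, "WS03", "backup-agent.exe", "file_read",
     r"C:\Users\carol\AppData\Local\Google\Chrome\User Data\Default\Cookies", 0),
    (3050, "WS03", "backup-agent.exe", "http_post", "https://sync.example.com/upload", 900_000),
]


def classify(event):
    """Return the set of ATT&CK technique IDs one event suggests (empty if none).

    Each rule alone is a weak signal: browsers read their own credential files,
    and large POSTs to external hosts happen all day. The value comes from
    combining hits in correlate() below.
    """
    _ts, _host, proc, action, target, size = event
    p, t = proc.lower(), target.lower()
    techs = set()
    if action == "proc_start" and p in SYSTEM_BINARIES and not t.startswith(SYSTEM_DIRS):
        techs.add("T1036.005")  # system binary name launched from a non-system path
    if action == "file_read" and t.endswith(BROWSER_CRED_FILES) and p not in BROWSERS:
        techs.add("T1555.003")  # non-browser process reading browser credential store
    if action == "http_post":
        dst = t.split("/")[2]  # host part of the URL
        if dst not in APPROVED_UPLOAD_HOSTS and size >= EXFIL_MIN_BYTES:
            techs.add("T1567")  # sizeable upload to a host outside the allowlist
    return techs


def correlate(events, window=300, min_techniques=2):
    """Alert when one (host, process) shows >= min_techniques distinct techniques
    within `window` seconds. Returns a list of (host, process, sorted technique tuple)."""
    hits = defaultdict(list)  # (host, process) -> [(timestamp, technique)]
    for ev in events:
        for tech in classify(ev):
            hits[(ev[1], ev[2].lower())].append((ev[0], tech))
    alerts = []
    for (host, proc), seq in hits.items():
        seq.sort()
        for start_ts, _ in seq:  # slide a window from each hit in turn
            in_window = {tech for ts, tech in seq if start_ts <= ts <= start_ts + window}
            if len(in_window) >= min_techniques:
                alerts.append((host, proc, tuple(sorted(in_window))))
                break  # one alert per process is enough for the demo
    return alerts


if __name__ == "__main__":
    for host, proc, techs in correlate(SAMPLE_EVENTS):
        print(f"ALERT {host} {proc}: {', '.join(techs)}")
```

Run as-is, the script raises exactly one alert, for svchost.exe on WS01 with T1036.005, T1555.003 and T1567. Neither the browser on WS02 nor the backup agent on WS03 triggers anything: the agent's credential-file read produces a single weak hit that never reaches the threshold, which is the behaviour you want from a rule set that has to tolerate legitimate software touching the same files. In practice the allowlist, size threshold and window would come from a baseline of your own environment rather than constants in the script.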

Back to Basics for a Better Defense

Today's threats often chain together numerous attack stages to infiltrate, persist, and exfiltrate. By the time one step is identified, attackers may already have moved on to the next. So while the threat landscape is undeniably sophisticated, the silver lining in the Red Report 2025 is rather straightforward: most current malicious activity revolves around a small set of attack techniques. By doubling down on modern cyber security fundamentals, such as rigorous credential protection, behavior-based threat detection, and continuous security validation, organizations can set aside the AI hype for now and focus on the threats that are actually targeting them today.

Ready to Cut Through the AI Hype and Strengthen Your Defenses?

While the headlines are fixated on AI, Picus Security, the pioneer of Breach and Attack Simulation (BAS) since 2013, is intently focused on the methods and techniques attackers are actually using: tried-and-true TTPs. The Picus Security Validation Platform continuously assesses and fortifies organizations’ defenses, emphasizing fundamentals like credential protection and rapid threat detection.

Ready to see the difference for yourself? Download the Picus Red Report 2025 or visit picussecurity.com to learn how to tune out the hype and keep real threats at bay.

Note: This article was written by Dr. Suleyman Ozarslan, co-founder of Picus Security and VP of Picus Labs, where simulating cyber threats and strengthening organizations’ defenses are what we do every day.
