TLDR: The 2025 CrowdStrike Threat Hunting Report describes a significant shift in adversary tradecraft, with threat actors increasingly using Generative AI (GenAI) to automate and scale attacks. The report also identifies autonomous AI agents as a new critical attack surface: threat actors are exploiting vulnerabilities in the tools used to build AI agents to gain access, steal credentials, and deploy malware.
CrowdStrike, a prominent cybersecurity leader, has released its 2025 Threat Hunting Report at Black Hat USA 2025, unveiling a new era of cyber threats where adversaries are weaponizing Generative AI (GenAI) to amplify their operations and accelerate attacks. The report emphasizes that these malicious actors are not only leveraging AI for their campaigns but are also increasingly targeting the autonomous AI agents that are reshaping enterprise operations.
According to the report, over 320 companies across various sectors have been infiltrated by GenAI-enabled attacks. A notable example is the DPRK-nexus adversary FAMOUS CHOLLIMA, which has used GenAI to automate every phase of its insider-threat program: generating fake resumes, conducting interviews with deepfakes, and performing technical work under false identities, turning the traditional insider threat into a scalable and persistent operation. The report further notes that the Russia-nexus adversary EMBER BEAR has used GenAI to amplify pro-Russia narratives, while the Iran-nexus adversary CHARMING KITTEN has deployed LLM-crafted phishing lures against entities in the U.S. and EU.
Adam Meyers, Head of Counter Adversary Operations at CrowdStrike, underscored the evolving landscape, stating, ‘The AI era has redefined how businesses operate and how adversaries attack. Adversaries now target AI systems as they do SaaS platforms and cloud infrastructures, making securing AI a critical priority for enterprises.’ He added, ‘We’re seeing threat actors use GenAI to scale social engineering, accelerate operations, and lower the barrier to entry for hands-on-keyboard intrusions.’
A critical finding of the report is the emergence of agentic AI as a new attack surface. CrowdStrike has observed multiple threat actors exploiting vulnerabilities in the tools used to build AI agents. These exploits allow adversaries to gain unauthenticated access, establish persistence, harvest credentials, and deploy malware and ransomware. The trend indicates that autonomous AI agents are now a core part of the enterprise attack surface, with threat actors treating them as infrastructure in the same way they target SaaS platforms, cloud consoles, and privileged accounts.
The report also highlights a 136 percent increase in cloud intrusions. China-nexus adversaries accounted for 40 percent of this heightened activity, with groups such as GENESIS PANDA and MURKY PANDA exploiting cloud misconfigurations and abusing trusted access to evade detection. CrowdStrike positions its Falcon platform as its answer to these emerging threats, citing rapid deployment and strong protection.