CrowdStrike Reveals AI Security Risks in 2025 Threat Report
News Desk

CrowdStrike (NASDAQ: CRWD) today announced the release of its 2025 Threat Hunting Report, highlighting a new phase in cyberattacks and rising AI security concerns. The report revealed that adversaries are operationalizing GenAI to scale operations and accelerate attacks. Increasingly, these actors are targeting the autonomous AI agents that are reshaping enterprise operations.

The report revealed that threat actors are targeting tools used to build AI agents, stealing credentials, and deploying malware. This indicates that autonomous systems and machine identities have become central to the enterprise attack surface.

According to CrowdStrike, adversaries are weaponizing AI at scale. DPRK-linked FAMOUS CHOLLIMA used GenAI to automate insider attacks, from fake resumes to deepfake interviews. Russia-linked EMBER BEAR amplified pro-Russia narratives, while Iran-linked CHARMING KITTEN deployed LLM-crafted phishing lures targeting U.S. and EU entities.

CrowdStrike also reported that agentic AI is now part of the attack surface. Threat actors exploited vulnerabilities in AI tools, gained unauthenticated access, and deployed malware and ransomware. GenAI-built malware is no longer theoretical. Actors like Funklocker and SparkCat are already operationalizing AI to generate scripts and malware.

The report further revealed that SCATTERED SPIDER has accelerated identity-based attacks. The group bypassed MFA, reset credentials, and deployed ransomware across SaaS and cloud environments in under 24 hours. China-linked adversaries continued cloud attacks, with activity rising 136%. GENESIS PANDA and MURKY PANDA evaded detection through cloud misconfigurations and trusted access.

Adam Meyers, head of counter adversary operations at CrowdStrike, stated: “The AI era has redefined business operations and cyberattacks. Adversaries are using GenAI to scale social engineering and target autonomous AI agents. Securing these AI systems is now a critical battleground in enterprise security.”

Key points:

  • GenAI is being used to automate insider attacks and phishing campaigns.
  • Agentic AI and autonomous systems are new high-value targets for cybercriminals.
  • Cloud intrusions surged 136%, with China-linked actors driving much of the increase.