The average e-crime breakout time fell to 29 minutes in 2025, with the fastest observed breakout occurring in only 27 seconds. Adversaries are also exploiting AI systems directly, injecting malicious prompts into GenAI tools at more than 90 organisations and abusing AI development platforms.

AI-enabled adversaries increased operations by 89 % year on year, weaponising AI across reconnaissance, credential theft and evasion. Intrusions increasingly move through trusted identities, SaaS applications and cloud infrastructure, blending into normal activity and compressing defenders’ response times.

Based on intelligence tracking more than 280 adversaries, the report highlights that malicious prompt injection is emerging as a new attack vector, enabling credential theft and ransomware deployment through legitimate AI tools. AI-driven attacks have accelerated breakout speed, with data exfiltration observed within minutes of initial access. Nation-state and e-crime actors are also adopting AI-enabled malware, automated credential dumping and synthetic personas to scale operations.

“ This is an AI arms race,” said Adam Meyers, Head of Counter Adversary Operations at CrowdStrike.“ Breakout time is the clearest signal of how intrusion has changed. Adversaries are moving from initial access to lateral movement in minutes. AI is compressing the time between intent and execution while turning enterprise AI systems into targets. Security teams must operate faster than the adversary to win.”

SC2, a leading nonprofit member organisation for cybersecurity professionals, has launched the Code of

Professional Conduct( Code), a global framework dedicated to principled and ethical practices across the cybersecurity profession.

Building upon the ISC2 Code of Ethics, the Code establishes clear expectations for the responsibilities and obligations of cybersecurity leaders and practitioners around the world. It provides guidance for cybersecurity professionals to make sound decisions, foster trust and uphold the highest integrity of the cybersecurity workforce.

“ The Code provides a shared foundation for guiding ethical decision-making and professional conduct, especially as emerging technologies like AI reshape how organisations operate and how security decisions are made. Leveraging the collective input and decades of experience from more than 1,000 ISC2 volunteers, the Code provides comprehensive guidance for everyone working in the cybersecurity field.”

As the cybersecurity profession continues to navigate ethical challenges such as those posed by AI, disinformation and evolving digital threats, the Code will reinforce how professionals can navigate complex and other unprecedented situations with integrity and confidence.

“ Cybersecurity professionals have a profound responsibility not only to protect and secure individuals, organisations and systems around the world but also to uphold the integrity, accountability and trust that the profession depends on,” said ISC2 Chief Executive Officer Scott Beale.

WWW. INTELLIGENTCISO. COM 9