AI Accelerates Attacker Breakout Time to Just Four Minutes

Staff Editor 2026-02-24
AI Accelerates Attacker Breakout Time to Just Four Minutes

AI Accelerates Attacker Breakout Time to Just Four Minutes

https://www.infosecurity-magazine.com/news/ai-accelerates-attack-breakout/

Publish Date: 2026-02-24 08:00:00

Source Domain: www.infosecurity-magazine.com

AI is helping threat actors to accelerate attacks, but it can also empower incident responders to quickly contain threats, ReliaQuest has claimed in a new report.

The firm’s Annual Cyber-Threat Report 2026 is based on an analysis of customer incidents.

It found that breakout time last year took on average just 34 minutes; 29% quicker than in 2024. The fastest ever recorded time taken from access to lateral movement was just four minutes – 85% faster than the year before.

The fastest recorded exfiltration time was just six minutes; down from 4 hours 29 minutes in 2024.

ReliaQuest said these stats can be explained by the growing use of automation and AI, with 80% of ransomware groups using one or both in their attacks last year.

AI is also being used prior to attacks, the report claimed. It can help threat actors with reconnaissance by automating the analysis of social media profiles, corporate websites and public data sources in order to identify high-value targets and draft convincing social engineering scripts.

Read more on AI-driven threats: Automation and Vulnerability Exploitation Drive Mass Ransomware Breaches.

Elsewhere, the report revealed that a quarter of attacks used social engineering for initial access last year, with ClickFix responsible for delivering most (59%) of the top malware families.

The social engineering technique is also the reason why drive-by-compromise is now the top initial access technique, just ahead of phishing.

Common Security Failures

ReliaQuest also revealed why many incident responders are struggling to match the speed and sophistication of modern threat groups. The most common security control failures it found in 2025 were:

  • Insufficient  logging which allows attacks to go undetected
  • Unmanaged devices without security controls like endpoint protection or monitoring agents
  • Insecure VPNs lacking MFA or device-based certificates, which allow attackers to exploit stolen credentials
  • External…

Source

More Stories

OpenAI Introduces Lockdown Mode To Combat AI Data Exfiltration Risks Amid Growing Prompt Injection Threats

OpenAI Introduces Lockdown Mode To Combat AI Data Exfiltration Risks Amid Growing Prompt Injection Threats

Staff Editor 2026-06-06

Frost & Sullivan: AI-driven, Cloud-native SIEM Platforms Will Define the Next Era of Cybersecurity Operations

Staff Editor 2026-06-06
RSU cybersecurity graduate, student leader accepts staff position in Student Affairs | News

RSU cybersecurity graduate, student leader accepts staff position in Student Affairs | News

Staff Editor 2026-06-06

Terms and Conditions - Privacy Policy