AI & the adversary: what’s actually happening in 2026
RAID Files | Episode 01
Hosted by Dominika Pietrzak, RAID
Every AI lab, EDR vendor, and threat intel team had something to say about adversarial AI this year. That’s a lot to read through. And honestly, figuring out what’s actual risk versus a catchy headline is a job in itself.
In the first episode of RAID Files, Dom from CovertSwarm’s Red Team AI Division does that job for you. One video. Everything that matters heading into the new financial year.
Attacks are getting faster.
The average time from initial access to lateral movement is now 29 minutes, down 65% from 2024. The fastest CrowdStrike recorded? 27 seconds.
AI has become standard adversary practice.
Not experimental. Not emerging. Standard. AI-enabled attacks are up 89% year on year, and 82% of CrowdStrike’s 2025 detections were malware-free. Attackers aren’t breaking in. They’re logging in.
The tools aren’t special.
ChatGPT. Claude. Cursor. There’s no secret adversary AI. It’s the same tooling you use every day, just pointed differently.
Sources referenced
Anthropic: Threat Intelligence Report: August 2025 | Anthropic: Disrupting the first reported AI-orchestrated cyber espionage campaign | Anthropic: Detecting and preventing distillation attacks | Bloomberg: Hacker used Anthropic’s Claude to steal Mexican data trove | CrowdStrike: 2026 Global Threat Report | GitLab: GitLab Threat Intelligence Team reveals North Korean tradecraft | Google: Adversarial misuse of generative AI | Google: GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use | Google: GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools | Google: Exposing the Undercurrent: Disrupting the GRIDTIDE Global Cyber Espionage Campaign | http418infosec: Developing An AI Vishing Model For £37.49 | OpenAI: Disrupting malicious uses of AI: June 2025 | OpenAI: Disrupting malicious uses of AI: an update | OpenAI: Disrupting malicious uses of our models | Pindrop: One meeting could cost you millions | Truffle Security: Claude Tried to Hack 30 Companies. Nobody Asked It To. | The Guardian: North Korean IT workers sent US pay home for weapons program, says FBI