57 hours total. That’s all it takes for an attacker to use stolen credentials to evade detection and move laterally across your network, undetected.
Adam Meyers, senior vice president of counter adversary operations at CrowdStrike, explained to VentureBeat just how fast intruders can escalate privileges and move laterally once they reach a system. “The next phase usually involves some form of lateral activity, which we like to classify as breakout time. In other words, how long does it take from the moment they first gain access to move to another system? The fastest breakout time we observed was 51 hours. So these adversaries are moving more quickly, which makes the defender’s work much harder,” according to Meyers.
Weaponized AI demands an ever-increasing need for speed
AI is far and away an attacker’s weapon of choice today. It’s affordable, quick, and flexible, allowing attackers to build social engineering campaigns and launch voice phishing attacks in a fraction of the time that previous techniques required.
Vishing is out of control as a result of adversaries fine-tuning their tradecraft with AI. CrowdStrike’s 2025 Global Threat Report found that vishing exploded by 442% in 2024. It’s the most popular initial access technique used by attackers to trick victims into giving them access to sensitive information, resetting their credentials, and granting remote access over the phone.
“In 2024, voice-based phishing increased by 442%. This is social engineering, and this is indicative of the fact that adversaries are finding new ways to gain access because…we’re kind of in this new world where adversaries have to work a little bit harder or differently to avoid modern endpoint security tools,” Meyers said.
Phishing is still a menace, too. According to Meyers, “We’ve seen that phishing emails have a higher click-through rate when it’s AI-generated content, a 54% click-through rate, compared to 12% when a human is behind it.”
The Chinese Green Cicada network has used an AI-driven content generator to create and run 5,000+ fake accounts on social media to spread election propaganda. The notorious CHOLLIMA adversary group in North Korea is using generative AI to create fake LinkedIn profiles of IT job candidates in an effort to infiltrate global aerospace, defense, software, and technology firms.
CIOs and CISOs are discovering new strategies to combat these attacks
A sure sign that attackers’ AI tradecraft is maturing fast is how successful they’re being with identity-based attacks. Malware is no longer the most common breach technique; identity attacks have taken over. In fact, 69 percent of initial access attacks in 2024 were malware-free, relying instead on phishing, deepfake scams, and stolen credentials. One in three, or 35%, of cloud intrusions leveraged valid credentials last year.
“Adversaries have discovered that using social engineering or stealing legitimate credentials is one of the quickest ways to gain access to an environment. Bringing malware into a contemporary business with modern security equipment is similar to trying to bring a water bottle into an airport because TSA is likely to catch you,” Meyers explains.
“We found a gap in our ability to revoke legitimate identity session tokens at the resource side,” Alex Philips, CIO at National Oilwell Varco (NOV), told VentureBeat in a recent interview. “We now have a startup business that is assisting us in finding solutions for our most common resources, which require us to quickly revoke access. It isn’t enough to simply disable an account or reset a password. You have to revoke session tokens.”
NOV uses a variety of tactics to defend against attacks. Philips cited the following as essential for halting the increasingly AI-driven attacks that rely on deception and stolen credentials and identities:
- “Zero trust isn’t just helpful, it’s mandatory. It provides a forced security policy enforcement gateway that renders unauthorized session tokens,” advises Philips. Some of the more sophisticated attacks rely on identity session token theft. With these types of attacks increasing, NOV is tightening identity policies, enforcing conditional access and finding quick ways to revoke valid tokens when they’re stolen.
- Philips’ tip to peers looking to stop ultra-fast identity-based attacks is to concentrate on removing single points of failure. Make sure to have a separation of duties, ensure no one person or service account can reset a password, enable multi-factor authentication, and enforce conditional access. “Have already-tested processes to revoke valid identity session tokens,” Philips recommends.
- Don’t stop at resetting passwords; revoke session tokens immediately as well. “Resetting a password isn’t enough anymore — you have to revoke session tokens instantly to stop lateral movement,” Philips told VentureBeat.
Three fundamental tactics for preventing lightning-fast breaches
51-second breakouts are a sign of a much bigger and more severe identity and access management (IAM) flaw in organizations. Core to this breakdown in IAM security is assuming trust is enough to protect your business (it isn’t). Every identity, session, and resource request must be authenticated. The place to start is to assume your business has already been breached.
Three lessons about preventing lightning-fast breaches, which Philips and CrowdStrike’s research validate, show how to respond now that these attacks are the new standard of weaponized AI:
1. Stop attacks at the authentication layer before the breach spreads. Make stolen credentials and session tokens useless as fast as you can. That must begin with figuring out how to shorten token lifetimes and implement real-time revocation to stop attackers mid-movement.
- If you don’t already have one, start building a solid, business-specific zero-trust framework. Read more about the zero-trust framework in the NIST standard, a widely referenced document among cybersecurity planning teams.
- Double down on IAM verification methods by using stricter authentication standards to verify that a calling party is the person they say they are. To verify the identities of those calling in for credentials, password resets, or remote access, Philips relies on multiple forms of authentication. “We drastically reduced who can perform password or multi-factor resets. No one should be able to circumvent these restrictions,” he said.
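The gap Philips describes (a password reset that leaves an already-issued session token valid) and the first lesson’s remedy (short token lifetimes plus real-time revocation) can be seen in a small session service. This is an added example, not NOV’s or CrowdStrike’s code; the service, its token format and the user “alice” are constructed for illustration.

```python
"""Added example: minimal session-token service showing why a password reset
alone does not end a stolen session, and how short lifetimes, binding tokens to
the credential generation, and server-side revocation close that gap."""
import hashlib, hmac, secrets

TOKEN_TTL_SECONDS = 15 * 60          # short lifetime bounds how long a stolen token works
SIGNING_KEY = secrets.token_bytes(32)  # constructed per-process key for the demo


class SessionService:
    def __init__(self):
        self.sessions = {}   # token_id -> {"user", "issued", "cred_gen"}
        self.cred_gen = {}   # user -> credential generation, bumped on every reset
        self.revoked = set()  # token_ids revoked explicitly by an operator

    def _sign(self, token_id):
        return hmac.new(SIGNING_KEY, token_id.encode(), hashlib.sha256).hexdigest()

    def login(self, user, now):
        token_id = secrets.token_urlsafe(16)
        self.sessions[token_id] = {"user": user, "issued": now,
                                   "cred_gen": self.cred_gen.get(user, 0)}
        return f"{token_id}.{self._sign(token_id)}"

    def validate(self, token, now, bind_to_credentials=True):
        """Resource-side check. bind_to_credentials=False mimics the naive
        deployment in which a reset does not touch existing sessions."""
        token_id, _, sig = token.partition(".")
        if not hmac.compare_digest(sig, self._sign(token_id)):
            return False  # forged or tampered token
        s = self.sessions.get(token_id)
        if s is None or token_id in self.revoked or now - s["issued"] > TOKEN_TTL_SECONDS:
            return False  # unknown, revoked, or expired
        return not (bind_to_credentials and s["cred_gen"] != self.cred_gen.get(s["user"], 0))

    def reset_password(self, user):
        self.cred_gen[user] = self.cred_gen.get(user, 0) + 1

    def revoke_all(self, user):
        self.revoked.update(t for t, s in self.sessions.items() if s["user"] == user)


def demo():
    svc, t0 = SessionService(), 1_700_000_000.0
    tok = svc.login("alice", t0)                      # assume this token is stolen
    out = {"fresh": svc.validate(tok, t0 + 60),
           "tampered": svc.validate(tok[:-1] + "0", t0 + 60)}
    svc.reset_password("alice")                       # reset alone: naive check still passes
    out["after_reset_naive"] = svc.validate(tok, t0 + 120, bind_to_credentials=False)
    out["after_reset_bound"] = svc.validate(tok, t0 + 120)
    svc.revoke_all("alice")                           # explicit revocation stops even naive checks
    out["after_revoke_naive"] = svc.validate(tok, t0 + 180, bind_to_credentials=False)
    out["expired"] = svc.validate(svc.login("alice", t0 + 200), t0 + 200 + TOKEN_TTL_SECONDS + 1)
    return out
```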
2. Use AI-based threat detection to identify threats in real time. AI and machine learning (ML) excel at anomaly detection across large datasets that they also train on over time. The objective is to identify and contain a potential breach or intrusion attempt in real time. As the attack datasets they are trained on improve, AI and ML techniques keep getting better.
- Enterprises are seeing strong results from AI-powered SIEM and identity analytics that immediately identify suspicious login attempts and enforce segmentation for a given endpoint or entry point.
- NOV is using AI to identify credential-based threats and identity theft in real time. According to Philips, “we now have AI that can look up incidents or the high probability of incidents. Not 100% real time, but short-lag time.”
3. To stop lateral movement, unify endpoint, cloud, and identity security. Core to zero trust is defining segmentation at the endpoint and network levels so that a breach is contained within the segments’ boundaries. The goal is to keep enterprise systems and infrastructure secure. When these layers are unified, lightning-quick attacks are contained and don’t spread laterally across a network.
- Integrate identity, cloud, and endpoint telemetry, and use the combined data to identify and expose intrusions, breaches, and emerging threats.
- Adversaries are exploiting vulnerabilities to gain initial access. The finding that 52 percent of vulnerabilities observed were tied to initial access reinforces the need to secure exposed systems before attackers can gain a foothold. It also underscores the need to lock down SaaS and cloud control planes to stop lateral movement and unauthorized access.
- Shift from malware detection to credential abuse prevention. That requires auditing all cloud access accounts and removing those that are no longer required.
Using AI to stop high-speed attacks
Attackers are weaponizing AI to launch lightning-quick attacks while at the same time creating vishing, deepfake and social engineering campaigns to steal identities. Philips’ strategies for preventing them, including using AI-driven detection and instantly revoking tokens to stop stolen sessions before they spread, are working.
Zero trust is at the heart of Philips’ and many other cybersecurity and IT leaders’ strategies. Time and again, VentureBeat sees that the security leaders who succeed in battling back against machine-speed attacks are those championing least-privilege access, network and endpoint segmentation, monitoring every transaction and request for resources, and continually verifying identities.